cvebase
CVE-2024-1064
published 2024-02-03

Priority: P3 (43), high
CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.81% (52.2th percentile)

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arcadia_technology_llc | crafty_controller | 4.0.0 – 4.2.2 | |
| craftycontrol | crafty_controller | 4.0.0 – 4.2.2 | |
| gitlab | crafty_controller | | |