Crafty Controller
CVE-2024-1064
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header
AnalysisAI
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-644. A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header Affected products include: Craftycontrol Crafty Controller.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Crafty Controller
View allStored cross-site scripting (XSS) vulnerability in Crafty Controller that allows authenticated attackers to inject malic
Path traversal in Crafty Controller game server management allows authenticated attackers to read/write files outside th
Crafty Controller Users API allows authenticated administrators with high privileges to modify other user accounts due t
Remote code execution in Crafty Controller's Backup Configuration feature results from insufficient path traversal valid
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today