PT-2023-9232 · Rejetto · Rejetto Http File Server

Arseniy Sharoglazov +1 · Published 2023-08-18 · Updated 2026-05-04 · CVE-2024-23692

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Rejetto HTTP File Server versions 2.3m and earlier

Description: The vulnerability stems from improper neutralization of special elements used in a template engine. It allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. The issue has been exploited in real-world attacks, with threat actors targeting older versions of the HTTP File Server to drop malware and cryptocurrency mining software. No estimate of the total number of potentially affected devices worldwide is given, but over 89,700 services have been found to be vulnerable.

Recommendations: For Rejetto HTTP File Server versions 2.3m and earlier, update to version 0.52.x, the recommended safe version of the product: it is the latest release from the developer and includes support for HTTPS, dynamic DNS, and authentication for the administrative panel.

Exploit · Fix · RCE · Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-05175
CVE-2024-23692

Affected Products

Rejetto Http File Server