CVE-2024-1226— Multiple vulnerabilities in Rejetto's Http File Server
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-1226
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple vulnerabilities in Rejetto's Http File Server
Source: NVD (National Vulnerability Database)
Vulnerability Description
The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Rejetto Http File Server 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HTTP File Server是一个简单的工具,它允许您从台式机、平板电脑或其他设备访问手机的文件,而无需任何特殊软件 - 只需一个网络浏览器。 Rejetto Http File Server 2.2a 版本存在注入漏洞,该漏洞源于在某些情况下,软件不会中和某些特殊字符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Rejetto | Http File Server | 2.2a, build #124 | - |
II. Public POCs for CVE-2024-1226
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-1226
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-93
- CVE-2026-42257
net-imap: Command Injection via "raw" arguments to multiple - CVE-2026-41570
PHPUnit: Argument injection via newline in PHP INI values fo - CVE-2026-41417
Netty vulnerable to HTTP request smuggling and RTSP request - CVE-2026-39849
Pi-hole FTL remote code execution via newline injection in d - CVE-2026-34458
Sandboxie-Plus privilege escalation via INI CRLF injection b
V. Comments for CVE-2024-1226
No comments yet