CVE-2024-52875
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-52875
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in GFI Kerio Control 9.2.5 through 9.4.5. The dest GET parameter passed to the /nonauth/addCertException.cs and /nonauth/guestConfirm.cs and /nonauth/expiration.cs pages is not properly sanitized before being used to generate a Location HTTP header in a 302 HTTP response. This can be exploited to perform Open Redirect or HTTP Response Splitting attacks, which in turn lead to Reflected Cross-Site Scripting (XSS). Remote command execution can be achieved by leveraging the upgrade feature in the admin interface.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GFI Kerio Control 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GFI Kerio Control是马耳他GFI公司的一套统一威胁管理(UTM)解决方案。该产品包括病毒防护、Web内容过滤和应用程序过滤等功能。 GFI Kerio Control存在安全漏洞,该漏洞源于部分页面的Dest 参数在用于生成302响应中的HTTP标头之前没有被正确清理。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GFI | Kerio Control | 9.2.5 ~ 9.4.5 | - |
II. Public POCs for CVE-2024-52875
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Kerio Control, formerly known as Kerio WinRoute Firewall, has been found vulnerable to multiple HTTP Response Splitting vulnerabilities in product affecting versions 9.2.5 | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-52875.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-52875
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: GFI
- CVE-2026-2039
GFI Archiver MArc.Store Missing Authorization Authentication - CVE-2026-2036
GFI Archiver MArc.Store Deserialization of Untrusted Data Re - CVE-2026-2038
GFI Archiver MArc.Core Missing Authorization Authentication - CVE-2026-2037
GFI Archiver MArc.Core Deserialization of Untrusted Data Rem - CVE-2025-35940
Hard-coded ArchiverSpaApi JWT Signing Key
Same weakness: CWE-113
- CVE-2026-42035
Axios: Header Injection via Prototype Pollution - CVE-2026-39971
Serendipity: Host Header Injection leads to SMTP header inje - CVE-2026-40175
Axios has Unrestricted Cloud Metadata Exfiltration via Heade - CVE-2026-34715
ewe Has Improper Neutralization of CRLF Sequences in HTTP He - CVE-2026-34520
AIOHTTP: C parser (llhttp) accepts null bytes and control ch
V. Comments for CVE-2024-52875
No comments yet