CVE-2024-1064

HIGH

Craftycontrol Crafty Controller < 4.2.2 - Denial of Service

Title source: rule

Description

A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header

References (1)

[Exploit, Issue Tracking] https://gitlab.com/crafty-controller/crafty-4/-/issues/327

Scores

CVSS v3 7.5

EPSS 0.0055

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-644 CWE-116

Status published

Products (1)

craftycontrol/crafty_controller 4.0.0 - 4.2.2

Published Feb 03, 2024

Tracked Since Feb 18, 2026