CVE-2024-1064
Published: 03 February 2024
Summary
CVE-2024-1064 is a high-severity Improper Neutralization of HTTP Headers for Scripting Syntax (CWE-644) vulnerability in Craftycontrol Crafty Controller. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 31.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16839
Vulnerability details
A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validating that output matches expected content directly mitigates failures to properly encode or escape data for its destination context.