CVE-2024-1064
📋 TL;DR
CVE-2024-1064 is a host header injection vulnerability in Crafty Controller's HTTP handler that allows unauthenticated remote attackers to cause a Denial of Service (DoS) by sending specially crafted HTTP requests with modified host headers. This affects all systems running vulnerable versions of Crafty Controller with the web interface exposed.
💻 Affected Systems
- Crafty Controller
📦 What is this software?
Crafty Controller by Craftycontrol
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability of Crafty Controller web interface and potentially managed game servers, requiring manual restart or system reboot.
Likely Case
Temporary DoS affecting the Crafty Controller web interface, disrupting administrative access until service restart.
If Mitigated
No impact if network segmentation and access controls prevent external access to the vulnerable service.
🎯 Exploit Status
Simple HTTP request manipulation required. Proof of concept available in GitLab issue.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.3.3
Vendor Advisory: https://gitlab.com/crafty-controller/crafty-4/-/issues/327
Restart Required: Yes
Instructions:
1. Back up the current configuration.
2. Update Crafty Controller to version 4.3.3 or later using the built-in updater or a manual installation.
3. Restart the Crafty Controller service.
🔧 Temporary Workarounds
Network Access Restriction
Restrict access to the Crafty Controller web interface to trusted IP addresses only
# Using iptables (Linux): accept the trusted address, then drop every other source on the port (an ACCEPT rule alone restricts nothing unless the chain's default policy is DROP)
iptables -A INPUT -p tcp --dport 8000 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP
# Using Windows Firewall (PowerShell):
New-NetFirewallRule -DisplayName "Crafty Controller" -Direction Inbound -LocalPort 8000 -Protocol TCP -RemoteAddress TRUSTED_IP -Action Allow
Reverse Proxy with Host Validation
Place Crafty Controller behind a reverse proxy that validates the Host header before forwarding
# Nginx example: a catch-all default server drops requests whose Host header does not match, so only the named virtual host reaches Crafty
server { listen 80 default_server; server_name _; return 444; }
server { listen 80; server_name yourdomain.com; location / { proxy_pass http://localhost:8000; proxy_set_header Host $host; } }
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Crafty Controller from untrusted networks
- Deploy a WAF (Web Application Firewall) with host header validation rules
🔍 How to Verify
Check if Vulnerable:
Any version earlier than 4.3.3 is affected. Check the Crafty Controller version in the web interface dashboard or via the command below.
Check Version:
crafty --version
Verify Fix Applied:
Confirm the version is 4.3.3 or later, then confirm that requests carrying a modified Host header no longer disrupt the service.
📡 Detection & Monitoring
Log Indicators:
- Unusual host header values in HTTP logs
- Multiple connection attempts with malformed headers
- Service restart events following suspicious requests
Network Indicators:
- HTTP requests with unusual or malformed host headers to port 8000
- High volume of requests to Crafty Controller endpoint
SIEM Query:
source="crafty.log" AND (("Host:" AND NOT "Host: expected-value") OR "restarting")
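The Host header allowlisting that the reverse proxy and WAF workarounds above depend on, together with a review of access-log lines for the log and network indicators listed in this section, as an added Python example that is not part of this advisory or of Crafty Controller's own code. The allowed hostnames, the log line format (a proxy in front of Crafty writing the received Host header as host="..."), the sample log lines and the volume threshold are all constructed for the example.

```python
"""Host header allowlisting plus access-log review for a Crafty Controller
web interface. Added example with constructed data; not advisory or vendor code."""
import re
from collections import Counter

# Hostnames (optionally with port) under which the web interface is
# legitimately reached. Constructed placeholder values.
ALLOWED_HOSTS = {
    "crafty.example.internal",
    "crafty.example.internal:8000",
    "10.0.0.5:8000",
}

# A well-formed Host value: a hostname or IPv4 literal, or a bracketed IPv6
# literal, optionally followed by ":port". Whitespace, CR/LF, '/', '@' and
# similar are rejected here before the allowlist is consulted.
_HOST_SYNTAX = re.compile(
    r"(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)(?::\d{1,5})?"
)


def is_valid_host(value):
    """Return True only if `value` is a well-formed Host header on the allowlist."""
    if value is None:
        return False
    value = value.strip().lower()
    # 253 is the maximum hostname length; leave room for ":65535".
    if not value or len(value) > 259:
        return False
    if not _HOST_SYNTAX.fullmatch(value):
        return False
    return value in ALLOWED_HOSTS


# Constructed log format: the proxy in front of Crafty writes one line per
# request and appends the received Host header as host="...".
_LOG_LINE = re.compile(
    r'(?P<src>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) host="(?P<host>[^"]*)"'
)

# Constructed sample lines: two normal requests from an admin workstation and
# three from an external source carrying Host values that should never appear.
SAMPLE_LOG = """\
10.0.0.7 [12/Mar/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 host="crafty.example.internal:8000"
10.0.0.7 [12/Mar/2024:10:01:05 +0000] "GET /panel/dashboard HTTP/1.1" 200 host="crafty.example.internal:8000"
203.0.113.9 [12/Mar/2024:10:02:11 +0000] "GET / HTTP/1.1" 200 host="evil.example:8000"
203.0.113.9 [12/Mar/2024:10:02:12 +0000] "GET / HTTP/1.1" 200 host="crafty.example.internal:8000 extra"
203.0.113.9 [12/Mar/2024:10:02:13 +0000] "GET / HTTP/1.1" 200 host=""
"""


def scan_log(text, volume_threshold=3):
    """Review access-log text and return a list of findings.

    Each finding is a dict with keys line, src, host and reason. Two of the
    advisory's indicators are covered: a Host header that is not allowlisted
    (one finding per line) and a high request volume from one source
    (one finding per source reaching the threshold).
    """
    findings = []
    per_source = Counter()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _LOG_LINE.fullmatch(line)
        if not m:
            findings.append({"line": lineno, "src": None, "host": None,
                             "reason": "unparsable log line"})
            continue
        src, host = m.group("src"), m.group("host")
        per_source[src] += 1
        if not is_valid_host(host):
            findings.append({"line": lineno, "src": src, "host": host,
                             "reason": "host header not allowlisted"})
    for src, count in sorted(per_source.items()):
        if count >= volume_threshold:
            findings.append({"line": None, "src": src, "host": None,
                             "reason": f"{count} requests from one source "
                                       f"(threshold {volume_threshold})"})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The syntax check runs before the allowlist lookup so that values with embedded whitespace or control characters are rejected even if an allowlisted name appears inside them; the same `is_valid_host` function is what a proxy or WAF rule should express, and feeding it historical log lines shows which sources would have been turned away.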