Rejetto Http File Server: CVE-2014-6287: Improper Control of Generation of Code
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Oct 7, 2024 | Jan 5, 2025 | May 2, 2025 |
Description
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
Solution
rejetto-http-file-server-upgrade-to-3
References
- CVE-2014-6287
- https://attackerkb.com/topics/CVE-2014-6287
- http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://www.kb.cert.org/vuls/id/251276
- https://github.com/rapid7/metasploit-framework/pull/3793
- https://www.exploit-db.com/exploits/39161/