CVE-2014-6287 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in Rejetto HTTP File Server, which affects versions 2.3x before 2.3c.
Short Info
- Level: Critical
- Single Scan: Single Scan
- Can be used by: Asset Owner
- Estimated Time: 10 seconds
- Time Interval: 1 month
- Scan only one: URL
- Toolbox: -
Rejetto HTTP File Server (HFS) is a popular web server designed to share files over the internet. The server is specifically designed for personal use, allowing files to be shared between individuals or small groups without the need for complex network configurations. HFS is meant to provide a simple and easy-to-use platform for sharing files online. The product has been widely used worldwide due to its simplicity and ease of use.
CVE-2014-6287 is a critical vulnerability that was detected in Rejetto HTTP File Server. The vulnerability is located in the findMacroMarker function in the parserLib.pas file, which is a component of the server. The vulnerability allows an attacker to execute arbitrary programs remotely using a %00 sequence in a search action. Attackers can use this vulnerability to gain unauthorized access to the server and execute malicious code.
If CVE-2014-6287 is exploited, it can lead to severe consequences for HFS users. Attackers can use this vulnerability to steal sensitive information, disrupt the server's functionality, and install malware or ransomware. The vulnerability can also allow attackers to gain complete control over the server and use it as a launchpad for further attacks. In short, the vulnerability can put users' data and privacy at risk.
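A detection check for the "%00 sequence in a search action" described above, as an added example that is not part of the scanner or of HFS itself. It assumes the server's requests are available as common/combined-format access-log lines (for example from a reverse proxy in front of HFS); the sample lines, IP addresses and parameter values are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumed input: access-log lines in common/combined log format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# %00, plus %2500, %252500, ... (the same byte under extra percent-encoding).
ENCODED_NUL_RE = re.compile(r"%(?:25)*00", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2014:10:01:22 +0000] "GET /?search=report HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Sep/2014:10:02:03 +0000] "GET /?search=%00placeholder HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Sep/2014:10:02:09 +0000] "GET /docs/?sort=name&search=%2500x HTTP/1.1" 200 300',
    '192.0.2.44 - - [12/Sep/2014:10:05:40 +0000] "GET /file%00.txt HTTP/1.1" 404 0',
]


def search_values(target):
    """Yield the raw (still percent-encoded) value of each 'search' parameter."""
    query = urlsplit(target).query
    for pair in re.split(r"[&;]", query):
        name, _, value = pair.partition("=")
        if name.lower() == "search":
            yield value


def find_nul_in_search(log_lines):
    """Return (client_ip, request_target) for requests with a NUL in 'search'."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable request entry
        target = match.group("target")
        # Inspect only the search parameter: a NUL elsewhere (e.g. in the
        # path, as in the last sample line) is a different condition.
        if any(ENCODED_NUL_RE.search(v) or "\x00" in v for v in search_values(target)):
            hits.append((match.group("ip"), target))
    return hits


if __name__ == "__main__":
    for ip, target in find_nul_in_search(SAMPLE_LOG):
        print(f"NUL byte in HFS search parameter from {ip}: {target}")
```

A hit shows that a request matching the CVE-2014-6287 pattern reached the server; whether it succeeded depends on the installed HFS version, so pair the alert with a check that the host runs 2.3c or later.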
At s4e.io, our mission is to help individuals and organizations protect their digital assets from cyber threats. By subscribing to our pro features, readers can stay updated on the latest security vulnerabilities and receive personalized recommendations on how to protect their assets. Our platform offers a range of tools and resources to help users stay protected, including vulnerability scanning, penetration testing, and threat intelligence. With s4e.io, you can stay one step ahead of cyber threats and protect your digital assets with confidence.
REFERENCES
- kb.cert.org: VU#251276
- exploit-db.com: 39161
- http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
- https://github.com/rapid7/metasploit-framework/pull/3793
- http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html