Rejetto HTTP File Server (HFS) search feature in versions 2.3, 2.3a, and 2.3b fails to handle null bytes.
CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287
Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a regular expression in parserLib.pas that fails to handle null bytes. Commands that follow a null byte in the search string are executed on the host system. As an example, the following search submitted to a vulnerable HFS instance launches calculator on the host Microsoft Windows system:
A remote, unauthenticated user may be able to run arbitrary operating system commands on the server.
Apply an update
This document was written by Joel Land.
|Date First Published:||2014-10-06|
|Date Last Updated:||2014-10-06 19:16 UTC|