CVE-2014-6287

Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.

La función findMacroMarker en parserLib.pas en Rejetto HTTP File Server (también conocido como HFS o HttpFileServer) 2.3x anterior a 2.3c permite a atacantes remotos ejecutar programas arbitrarios a través de una secuencia %00 en una acción de búsqueda.

HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex.

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-09-09 CVE Reserved
2014-09-11 First Exploit
2014-09-12 CVE Published
2022-03-25 Exploited in Wild
2022-04-15 KEV Due Date
2024-08-06 CVE Updated
2024-08-19 EPSS Updated

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (17)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/251276	Third Party Advisory
https://seclists.org/bugtraq/2014/Sep/85
http://www.rejetto.com/wiki/index.php?title=HFS:_scripting_commands

URL	Date	SRC
https://www.exploit-db.com/exploits/34926	2014-10-09
https://www.exploit-db.com/exploits/39161	2024-08-06
https://www.exploit-db.com/exploits/34668	2014-09-15
https://www.exploit-db.com/exploits/49125	2020-11-30
https://github.com/0xTabun/CVE-2014-6287	2023-09-16
https://github.com/zhsh9/CVE-2014-6287	2024-03-06
https://github.com/wizardy0ga/THM-Steel_Mountain-CVE-2014-6287	2021-12-02
https://github.com/Nicoslo/Windows-exploitation-Rejetto-HTTP-File-Server-HFS-2.3.x-CVE-2014-6287	2021-02-20
http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html	2024-08-06
http://packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html	2024-08-06
http://packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html	2024-08-06
http://packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html	2024-08-06
https://github.com/rapid7/metasploit-framework/pull/3793	2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rejetto_hfs_exec.rb	2014-09-11

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Rejetto Search vendor "Rejetto"		Http File Server Search vendor "Rejetto" for product "Http File Server"				>= 2.3 < 2.3c Search vendor "Rejetto" for product "Http File Server" and version " >= 2.3 < 2.3c"		-		Affected