CVE-2014-6287

CVSS 9.8 CRITICAL · EPSS 99.3% · KEV · CWE-94
In short

Rejetto HTTP File Server has a flaw in its search feature that allows attackers to run any program on the server by inserting a special character sequence. This is critical because it gives complete control of the affected server to an attacker.

Technical detail

The findMacroMarker function in parserLib.pas fails to properly validate null byte (%00) sequences in search parameters, allowing remote code execution through macro injection. An unauthenticated attacker can exploit the search action endpoint to inject and execute arbitrary commands with server privileges.

Summary generated and translated by AI from the official description.
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found: 23

- github · github.com/randallbanner/Rejetto-HTTP-File-Server-HFS-2.3.x---Remote-Command-Execution · 2
- github · github.com/mrintern/thm_steelmountain_CVE-2014-6287 · 1
- github · github.com/Nicoslo/Windows-exploitation-Rejetto-HTTP-File-Server-HFS-2.3.x-CVE-2014-6287 · 1
- github · github.com/jagg3rsec/CVE-2014-6287 · 0
- github · github.com/R3fr4kt/Optimum · 0
- github · github.com/roughiz/cve-2014-6287.py · 0
- github · github.com/wizardy0ga/THM-Steel_Mountain-CVE-2014-6287 · 0
- github · github.com/zhsh9/CVE-2014-6287 · 0
- github · github.com/10cks/CVE-2014-6287 · 0
- github · github.com/francescobrina/hfs-cve-2014-6287-exploit · 0
- github · github.com/rahisec/rejetto-http-file-server-2.3.x-RCE-exploit-CVE-2014-6287 · 0
- github · github.com/Z3R0space/CVE-2014-6287 · 0
- github · github.com/nika0x38/CVE-2014-6287 · 0
- github · github.com/JoaZ94/rejjeto_hfs-rce-exploit-cve-2014-6287 · 0
- exploitdb · www.exploit-db.com/exploits/49125 · unverified
- cve_reference · packetstormsecurity.com/files/135122/Rejetto-HTTP-File-Server-2.3.x-Remote-Code-Execution.html · unverified
- cve_reference · packetstormsecurity.com/files/160264/Rejetto-HttpFileServer-2.3.x-Remote-Command-Execution.html · unverified
- cve_reference · packetstormsecurity.com/files/161503/HFS-HTTP-File-Server-2.3.x-Remote-Code-Execution.html · unverified
- cve_reference · www.exploit-db.com/exploits/39161/ · unverified
- exploitdb · www.exploit-db.com/exploits/34926 · unverified
- exploitdb · www.exploit-db.com/exploits/34668 · unverified
- exploitdb · www.exploit-db.com/exploits/39161 · unverified
- cve_reference · packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.