Vulnerability Note VU#251276
Rejetto HTTP File Server (HFS) search feature fails to handle null bytes
Original Release date: 06 Oct 2014 | Last revised: 06 Oct 2014
Rejetto HTTP File Server (HFS) search feature in versions 2.3, 2.3a, and 2.3b fails to handle null bytes.
CWE-158: Improper Neutralization of Null Byte or NUL Character – CVE-2014-6287
Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a regular expression in parserLib.pas that fails to handle null bytes. Commands that follow a null byte in the search string are executed on the host system. As an example, the following search submitted to a vulnerable HFS instance launches calculator on the host Microsoft Windows system:
Note that this vulnerability is being exploited in the wild. A Metasploit module has been released to exploit this vulnerability.
A remote, unauthenticated user may be able to run arbitrary operating system commands on the server.
Apply an update
This issue is addressed in HFS version 2.3c and later, available here.
Vendor Information (Learn More)
VendorStatusDate NotifiedDate UpdatedRejettoAffected03 Oct 201406 Oct 2014If you are a vendor and your product is affected, let
CVSS Metrics (Learn More)
This document was written by Joel Land.
11 Sep 2014
Date First Published:
06 Oct 2014
Date Last Updated:
06 Oct 2014
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.