rejetto forum

Software => HFS ~ HTTP File Server => Bug reports => Topic started by: mubix on October 06, 2014, 12:32:42 AM

Title: CVE-2014-6287: Remote Code Execution in HFS 2.3
Post by: mubix on October 06, 2014, 12:32:42 AM

Hey man, couldn't find it in the forums anywhere and wanted to make sure you knew about this:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287)

Here is a Metasploit module that exploits the bug https://github.com/rapid7/metasploit-framework/pull/3793 (https://github.com/rapid7/metasploit-framework/pull/3793)

Title: Re: CVE-2014-6287: Remote Code Execution in HFS 2.3
Post by: xpl01t on October 06, 2014, 12:32:46 PM

Hi mubix i'm Daniele Linguaglossa, rejetto was already informed about this and this vulnerability is fixed in 2.3c version,anyway thanks for your support

Cheers