Show Posts
1
HFS ~ HTTP File Server / Rejetto HTTP File Server (HFS) search feature fails to handle null bytes
« on: November 03, 2014, 05:01:07 PM »
Hi,
If this has been mentioned before, sorry.
I just found this: http://www.kb.cert.org/vuls/id/251276
Description
CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287
Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a regular expression in parserLib.pas that fails to handle null bytes. Commands that follow a null byte in the search string are executed on the host system.
Might be something to fix though, as i just restarted the entire windows machine with this one...
Thanks!
If this has been mentioned before, sorry.
I just found this: http://www.kb.cert.org/vuls/id/251276
Description
CWE-158: Improper Neutralization of Null Byte or NUL Character - CVE-2014-6287
Rejetto HFS versions 2.3, 2.3a, and 2.3b are vulnerable to remote command execution due to a regular expression in parserLib.pas that fails to handle null bytes. Commands that follow a null byte in the search string are executed on the host system.
Might be something to fix though, as i just restarted the entire windows machine with this one...
Thanks!