cbcvebase.

Rejetto Http File Server vulnerabilities

7 known vulnerabilities affecting rejetto/http_file_server.

Total CVEs
7
CISA KEV
2
actively exploited
Public exploits
4
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2024-23692P1CRITICALCVSS 9.8KEVPoCRansomware≤ 2.42024-05-31
CVE-2024-23692 [CRITICAL] CWE-1336 CVE-2024-23692: Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vu Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.
nvd
CVE-2014-6287P1CRITICALCVSS 9.8KEVPoC≥ 2.3, < 2.3c2014-10-07
CVE-2014-6287 [CRITICAL] CWE-94 CVE-2014-6287: The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
nvd
CVE-2020-13432P3HIGHCVSS 7.5PoCv2.3m2020-06-08
CVE-2020-13432 [HIGH] CWE-120 CVE-2020-13432: rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.
nvd
CVE-2014-7226P3HIGHCVSS 7.5PoC≤ 2.3c2014-10-10
CVE-2014-7226 [HIGH] CWE-94 CVE-2014-7226: The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
nvd
CVE-2024-39943P2HIGHCVSS 8.8fixed in 0.52.102024-07-04
CVE-2024-39943 [HIGH] CWE-78 CVE-2024-39943: rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command exec rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
nvd
CVE-2024-1226P3HIGHCVSS 7.5v2.2a, build #1242024-03-12
CVE-2024-1226 [HIGH] CWE-93 CVE-2024-1226: The software does not neutralize or incorrectly neutralizes certain characters before the data is in The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of invalidated data in an HTTP header allows an attacker to specify the full HTTP response represented by the browser. An attacker could control the response and craft attacks such as cross-site scripting and
nvd
CVE-2024-1227P4MEDIUMCVSS 6.5v2.2a, build #1242024-03-12
CVE-2024-1227 [MEDIUM] CWE-601 CVE-2024-1227: An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.
nvd
Rejetto Http File Server vulnerabilities | cvebase