Remote Code Execution Vulnerability in Rejetto HTTP File Server
CVE-2014-7226

Currently unrated

Key Information:

Vendor: Rejetto
Status: Http File Server
Vendor: CVE Published:; 10 October 2014

Summary

The file comment feature in Rejetto HTTP File Server versions 2.3c and earlier is susceptible to a remote code execution vulnerability. This flaw enables attackers to upload specially crafted files containing invalid UTF-8 byte sequences that are misinterpreted as executable macro symbols, thereby allowing the execution of arbitrary code on the affected server. This serious security breach can compromise the integrity and confidentiality of the hosted data, making it crucial for users to ensure their systems are updated to prevent exploitation.

References

http://www.securityfocus.com/bid/70216

vdb-entryx_refsource_BID

http://packetstormsecurity.com/files/128532/HTTP-File-Ser...

x_refsource_MISC

http://www.exploit-db.com/exploits/34852

exploitx_refsource_EXPLOIT-DB

EPSS Score

8% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 10, 2014
Vulnerability Reserved
Sep 29, 2014