Buffer Overflow in rejetto HFS Affects HTTP File Server Versions
CVE-2020-13432

7.5HIGH

Key Information:

Vendor
Rejetto
Status
Http File Server
Vendor
CVE Published:
8 June 2020

Summary

The rejetto HFS (HTTP File Server) version 2.3m Build #300 contains a vulnerability that allows remote attackers to exploit concurrent HTTP requests utilizing long URIs or headers. This can result in an invalid pointer write access violation, potentially leading to service disruptions or crashes. Users and administrators of this product should be aware of this risk and take necessary precautions.

References

https://www.rejetto.com/hfs/?f=wn
x_refsource_MISC
https://github.com/rejetto/hfs2/commit/b8ebfc4e22948e1a61...
x_refsource_MISC
http://packetstormsecurity.com/files/157980/HFS-Http-File...
x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.