CVE-2014-7226

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.

Published: Oct 10, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-7226
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
rejetto / http_file_server	-	2.3c.x

http://packetstormsecurity.com/files/128532/HTTP-File-Server-2.3a-2.3b-2.3c-Remote-Command-Execution.html
http://www.exploit-db.com/exploits/34852
http://www.rejetto.com/forum/hfs-~-http-file-server/new-version-2-3d/
http://www.securityfocus.com/bid/70216

Vulnerability Database

290,020

CVE-2014-7226