HTTP File Server Multiple Vulnerabilities Network Vulnerability

Summary

This host is running HTTP File Server and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow an attacker to insert arbitrary HTML and script code and execute arbitrary PHP code. Impact Level: Application

Solution

Update to version 2.3 or later, For updates refer to http://www.rejetto.com/hfs

Insight

- An input passed to 'search' parameter is not properly sanitized before being returned to the user. - An error due to the '~upload ' script allowing the upload of files with arbitrary extensions to a folder inside the webroot can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

Affected

HttpFileServer version 2.2f and prior

References

http://1337day.com/exploit/20345
http://bot24.blogspot.in/2013/02/http-file-server-v2x-xss-and-file.html

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Lotus Domino administration databases
PHP Built-in WebServer 'Content-Length' Denial of Service Vulnerability
ModSecurity Multiple Remote Denial of Service Vulnerabilities
nginx Arbitrary Code Execution Vulnerability
Apache Multiple Security Vulnerabilities

Take action and discover your vulnerabilities