Arbitrary Code Execution via Invalid UTF-8 Byte Sequences in Rejetto HTTP File Server (HFS) 2.3c and Earlier

Arbitrary Code Execution via Invalid UTF-8 Byte Sequences in Rejetto HTTP File Server (HFS) 2.3c and Earlier

CVE-2014-7226 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.

Learn more about our Cis Benchmark Audit For Server Software.