Summary
This host is running HTTP File Server and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow an attacker to insert arbitrary HTML and script code and execute arbitrary PHP code.
Impact Level: Application
Solution
Update to version 2.3 or later.
For updates refer to http://www.rejetto.com/hfs
Insight
- Input passed to the 'search' parameter is not properly sanitized before being returned to the user.
- The '~upload' script allows files with arbitrary extensions to be uploaded to a folder inside the webroot, which can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
Affected
HttpFileServer version 2.2f and prior
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- CoreHTTP CGI Support Remote Command Execution Vulnerability
- Apache Open For Business Weak Password security check
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities - March 2011
- httpdx 'USER' Command Remote Format String Vulnerability
- ModSecurity Multiple Remote Denial of Service Vulnerabilities