Vendor: HTTP File Server
By: Anonymous
CVSS: 5.5 (MEDIUM)
Security Bypass, Denial-of-Service
CWE: 264
Product Name: HTTP File Server
Affected Version From: 2.3
Affected Version To: 2.3a
Patch Exists: YES
Related CVE: CVE-2010-2334
CPE: a:rejetto:http_file_server:2.3
Platforms Tested: Windows
2010

HTTP File Server Multiple Vulnerabilities

The vulnerabilities in HTTP File Server allow an attacker to download files from restricted directories or cause denial-of-service conditions. By accessing a specially crafted URL, an attacker can bypass security measures and download files from protected folders within the application's context. Additionally, the application is vulnerable to a denial-of-service attack triggered by a malformed search parameter.

Mitigation:

The vendor recommends upgrading to the latest version of HTTP File Server to mitigate these vulnerabilities. Additionally, it is advised to restrict access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/39544/info

HTTP File Server is prone to multiple vulnerabilities including a security-bypass issue and a denial-of-service issue.

Exploiting these issues will allow an attacker to download files from restricted directories within the context of the application or cause denial-of-service conditions. 

http://www.example.com/protected_folder/secret_file.txt%00
http://www.example.com/?search=%25%25
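
Detection sketch for the two request shapes above, added here as an example (it is not part of the advisory or of HTTP File Server). It assumes access logs in Common Log Format, for instance from a reverse proxy in front of the server; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qsl

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

def classify_target(target):
    """Return the findings for one raw (still percent-encoded) request target."""
    findings = []
    parts = urlsplit(target)
    # Decode repeatedly (bounded) so double-encoded forms such as %2500 are caught too.
    path = parts.path
    for _ in range(3):
        decoded = unquote(path, encoding="latin-1")
        if decoded == path:
            break
        path = decoded
    if "\x00" in path:
        findings.append("nul-byte-in-path")
    for key, value in parse_qsl(parts.query, keep_blank_values=True, encoding="latin-1"):
        # parse_qsl has already decoded once: %25%25 arrives here as "%%".
        if key.lower() == "search" and "%%" in value:
            findings.append("malformed-search")
    return findings

def scan_log(lines):
    """Return (line_number, target, findings) for every log line that matches."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = classify_target(match.group("target"))
        if findings:
            hits.append((number, match.group("target"), findings))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /public/readme.txt HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /protected_folder/secret_file.txt%00 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /?search=%25%25 HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /?search=report%202010 HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2024:10:00:20 +0000] "GET /protected_folder/a.txt%2500 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target, findings in scan_log(SAMPLE_LOG):
        print(number, target, ",".join(findings))
```

A hit on a protected folder with a 200 status is the case to triage first, since it indicates the file was actually served.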