CVE-2014-6287

Name of the Vulnerable Software and Affected Versions Rejetto HTTP File Server versions 2.3x prior to 2.3c

Description The issue allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. This is due to a problem in the findMacroMarker function in parserLib.pas.

Recommendations For versions 2.3x prior to 2.3c, update to version 2.3c or later to resolve the issue. As a temporary workaround, consider restricting access to the search action to minimize the risk of exploitation.