rejetto CVE Vulnerabilities & Metrics

Focus on rejetto vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About rejetto Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with rejetto. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total rejetto CVEs: 3
Earliest CVE date: 07 Oct 2014, 10:55 UTC
Latest CVE date: 04 Jul 2024, 23:15 UTC

Latest CVE reference: CVE-2024-39943

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical rejetto CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.5

Max CVSS: 10.0

Critical CVEs (≥9): 1

CVSS Range vs. Count

Range	Count
0.0-3.9	2
4.0-6.9	1
7.0-8.9	1
9.0-10.0	1

CVSS Distribution Chart

Top 5 Highest CVSS rejetto CVEs

These are the five CVEs with the highest CVSS scores for rejetto, sorted by severity first and recency.

CVE-2014-6287 rejetto Published on 07 Oct 2014, 10:55 UTC (CVSS: 10.0)
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.
CVE-2014-7226 rejetto Published on 10 Oct 2014, 01:55 UTC (CVSS: 7.5)
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.
CVE-2020-13432 rejetto Published on 08 Jun 2020, 18:15 UTC (CVSS: 5.0)
rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.
CVE-2024-39943 rejetto Published on 04 Jul 2024, 23:15 UTC (CVSS: 0)
rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).
CVE-2024-23692 rejetto Published on 31 May 2024, 10:15 UTC (CVSS: 0)
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

All CVEs for rejetto

CVE-2024-39943 rejetto vulnerability CVSS: 0 04 Jul 2024, 23:15 UTC

rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js).

CVE-2024-23692 rejetto vulnerability CVSS: 0 31 May 2024, 10:15 UTC

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment date, Rejetto HFS 2.3m is no longer supported.

CVE-2020-13432 rejetto vulnerability CVSS: 5.0 08 Jun 2020, 18:15 UTC

rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual files or folders are used, allows remote attackers to trigger an invalid-pointer write access violation via concurrent HTTP requests with a long URI or long HTTP headers.

CVE-2014-7226 rejetto vulnerability CVSS: 7.5 10 Oct 2014, 01:55 UTC

The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are interpreted as executable macro symbols.

CVE-2014-6287 rejetto vulnerability CVSS: 10.0 07 Oct 2014, 10:55 UTC

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action.