CVE-2014-3791

Severity CVSS v4.0:

Pending analysis

Type:

CWE-119 Buffer Errors

Publication date:

20/05/2014

Last modified:

12/04/2025

Description

Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.

Impact

Vector 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 10.00 HIGH
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV): Network
Attack Complexity (AC): Low
Authentication (Au): None
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

10.00

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:efssoft:easy_file_sharing_web_server:6.8:::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day
http://osvdb.org/show/osvdb/106965
http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html
http://www.exploit-db.com/exploits/33352
http://www.securityfocus.com/bid/67406
http://blog.techorganic.com/2014/05/14/from-fuzzing-to-0-day
http://osvdb.org/show/osvdb/106965
http://packetstormsecurity.com/files/126614/Easy-File-Sharing-Web-Server-6.8-Buffer-Overflow.html
http://www.exploit-db.com/exploits/33352
http://www.securityfocus.com/bid/67406