CVE-2008-0406

Опубликовано: 29 янв. 2008

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

Ссылки

http://secunia.com/advisories/28631
Vendor Advisory
http://securityreason.com/securityalert/3581
http://www.rejetto.com/hfs/?f=wn
http://www.securityfocus.com/archive/1/486873/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-log.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39875
http://secunia.com/advisories/28631
Vendor Advisory
http://securityreason.com/securityalert/3581
http://www.rejetto.com/hfs/?f=wn
http://www.securityfocus.com/archive/1/486873/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-log.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39875

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*

Версия до 2.2b (включая)

EPSS

Процентиль: 92%

0.0762

Низкий

5 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-v24h-cghj-p7rq

github

почти 4 года назад