Описание
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 2.2b (включая)
cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.0044
Низкий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
EPSS
Процентиль: 63%
0.0044
Низкий
5 Medium
CVSS2
Дефекты
CWE-287