CVE-2008-0408

Опубликовано: 29 янв. 2008

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Ссылки

http://secunia.com/advisories/28631
http://securityreason.com/securityalert/3582
http://www.rejetto.com/hfs/?f=wn
Exploit
http://www.securityfocus.com/archive/1/486874/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-username.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39876
http://secunia.com/advisories/28631
http://securityreason.com/securityalert/3582
http://www.rejetto.com/hfs/?f=wn
Exploit
http://www.securityfocus.com/archive/1/486874/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-username.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39876

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*

Версия до 2.2b (включая)

EPSS

Процентиль: 69%

0.00594

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-pggf-4mfg-vr7g

github

почти 4 года назад