
18 vulnerabilities found for http_file_server by hfs

FKIE_CVE-2008-0407

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35
Severity
Summary
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Impacted products
Vendor Product Version
hfs http_file_server * (all versions up to and including 2.2b)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request."
    },
    {
      "lang": "es",
      "value": "HTTP File Server (HFS) versiones anteriores a 2.2c etiqueta entradas en el fichero de trazas relativas a peticiones HTTP con el nombre de usuario enviado durante la Autenticaci\u00f3n HTTP B\u00e1sica, sin importar si la autenticaci\u00f3n fue exitosa, lo cual podr\u00eda dificultar a un administrador para determinar qui\u00e9n realiza peticiones remotas."
    }
  ],
  "id": "CVE-2008-0407",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3582"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0406

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name."
    },
    {
      "lang": "es",
      "value": "HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante un nombre de cuenta largo."
    }
  ],
  "id": "CVE-2008-0406",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3581"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0409

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n mediante el subcomponente userinfo de un URL."
    }
  ],
  "id": "CVE-2008-0409",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0410

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35
Severity
Summary
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
Impacted products
Vendor Product Version
hfs http_file_server * (all versions up to and including 2.2b)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as \u003cid\u003e%version%\u003c/id\u003e in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL."
    },
    {
      "lang": "es",
      "value": "HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos obtener detalles de la configuraci\u00f3n y uso utilizando un elemento id tal como \u003cid\u003e%version%\u003c/id\u003e en la Autenticaci\u00f3n HTTP B\u00e1sica en vez de un usuario y contrase\u00f1a, como se demuestra al ubicar este elemento id en el subcomponente userinfo de un URL."
    }
  ],
  "id": "CVE-2008-0410",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0405

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35
Severity
Summary
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
Impacted products
Vendor Product Version
hfs http_file_server * (all versions up to and including 2.2b)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de salto de directorio en HTTP File Server (HFS) versiones anteriores a 2.2c, cuando los nombres de cuenta se utilizan como ficheros de traza, permiten a atacantes remotos crear (1) ficheros y (2) directorios de su elecci\u00f3n mediante .. (punto punto) en un nombre de cuenta, al realizar la petici\u00f3n del URI /; y (3) a\u00f1adir datos de su elecci\u00f3n a un fichero mediante un .. (punto punto) en un nombre de cuenta, al realizar la petici\u00f3n de un URI compuesto de la secuencia \"/?%0a\" seguida de los datos."
    }
  ],
  "id": "CVE-2008-0405",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3581"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2008-0408

Vulnerability from fkie_nvd - Published: 2008-01-29 00:00 - Updated: 2026-04-23 00:35

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
              "versionEndIncluding": "2.2b",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication."
    },
    {
      "lang": "es",
      "value": "HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos a\u00f1adir texto de su elecci\u00f3n en el fichero de trazas utilizando la representaci\u00f3n base64 del texto durante la Autenticaci\u00f3n HTTP B\u00e1sica."
    }
  ],
  "id": "CVE-2008-0408",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-29T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3582"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3582"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.rejetto.com/hfs/?f=wn"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27423"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.syhunt.com/advisories/hfshack.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-0408 (GCVE-0-2008-0408)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
Summary
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "hfs-unspecified-log-injection(39876)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "3582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3582"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "hfs-unspecified-log-injection(39876)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "3582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3582"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "hfs-unspecified-log-injection(39876)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-username.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "3582",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3582"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0408",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0410 (GCVE-0-2008-0410)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
Summary
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "3583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3583"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as \u003cid\u003e%version%\u003c/id\u003e in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "3583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3583"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as \u003cid\u003e%version%\u003c/id\u003e in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-template.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "3583",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3583"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0410",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0405 (GCVE-0-2008-0405)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
Summary
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.rejetto.com/hfs/?f=wn x_refsource_MISC
http://www.securityfocus.com/bid/27423 vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3581 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/486873/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.syhunt.com/advisories/hfshack.txt x_refsource_MISC
http://www.syhunt.com/advisories/hfs-1-log.txt x_refsource_MISC
http://secunia.com/advisories/28631 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/39873 vdb-entry, x_refsource_XF
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "3581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3581"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "hfs-unspecified-command-execution(39873)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "3581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3581"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "hfs-unspecified-command-execution(39873)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "3581",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3581"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-log.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "hfs-unspecified-command-execution(39873)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0405",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0409 (GCVE-0-2008-0409)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
Summary
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "hfs-host-xss(39870)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "3583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3583"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "hfs-host-xss(39870)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "3583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3583"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0409",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-template.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "hfs-host-xss(39870)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "3583",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3583"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0409",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0406 (GCVE-0-2008-0406)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.rejetto.com/hfs/?f=wn x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/39875 vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/27423 vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3581 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/486873/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.syhunt.com/advisories/hfshack.txt x_refsource_MISC
http://www.syhunt.com/advisories/hfs-1-log.txt x_refsource_MISC
http://secunia.com/advisories/28631 third-party-advisory, x_refsource_SECUNIA
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "hfs-filename-dos(39875)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "3581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3581"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "hfs-filename-dos(39875)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "3581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3581"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "hfs-filename-dos(39875)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "3581",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3581"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-log.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0406",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0407 (GCVE-0-2008-0407)

Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:53.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
          },
          {
            "name": "hfs-username-spoofing(39877)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "3582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3582"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
        },
        {
          "name": "hfs-username-spoofing(39877)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "3582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3582"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
            },
            {
              "name": "hfs-username-spoofing(39877)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-username.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "3582",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3582"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0407",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:53.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0408 (GCVE-0-2008-0408)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "hfs-unspecified-log-injection(39876)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "3582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3582"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "hfs-unspecified-log-injection(39876)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "3582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3582"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0408",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "hfs-unspecified-log-injection(39876)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39876"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-username.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "3582",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3582"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0408",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0410 (GCVE-0-2008-0410)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.443Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "3583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3583"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as \u003cid\u003e%version%\u003c/id\u003e in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "3583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3583"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0410",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as \u003cid\u003e%version%\u003c/id\u003e in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-template.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "hfs-sendhfsidentifier-info-disclosure(39871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39871"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "3583",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3583"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0410",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0405 (GCVE-0-2008-0405)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.rejetto.com/hfs/?f=wn x_refsource_MISC
http://www.securityfocus.com/bid/27423 vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3581 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/486873/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.syhunt.com/advisories/hfshack.txt x_refsource_MISC
http://www.syhunt.com/advisories/hfs-1-log.txt x_refsource_MISC
http://secunia.com/advisories/28631 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/39873 vdb-entry, x_refsource_XF
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "3581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3581"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "hfs-unspecified-command-execution(39873)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "3581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3581"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "hfs-unspecified-command-execution(39873)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a \"/?%0a\" sequence followed by the data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "3581",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3581"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-log.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "hfs-unspecified-command-execution(39873)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0405",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0409 (GCVE-0-2008-0409)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "hfs-host-xss(39870)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "3583",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3583"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "hfs-host-xss(39870)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "3583",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3583"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0409",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-template.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-template.txt"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "hfs-host-xss(39870)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39870"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "3583",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3583"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and Information Disclosure Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486872/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0409",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.384Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0406 (GCVE-0-2008-0406)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI
Summary
HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
URL Tags
http://www.rejetto.com/hfs/?f=wn x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/39875 vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/27423 vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/3581 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/archive/1/486873/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.syhunt.com/advisories/hfshack.txt x_refsource_MISC
http://www.syhunt.com/advisories/hfs-1-log.txt x_refsource_MISC
http://secunia.com/advisories/28631 third-party-advisory, x_refsource_SECUNIA
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:54.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "hfs-filename-dos(39875)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "name": "3581",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3581"
          },
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "hfs-filename-dos(39875)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "name": "3581",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3581"
        },
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0406",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "hfs-filename-dos(39875)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39875"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "3581",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3581"
            },
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Log Arbitrary File/Directory Manipulation and Denial-of-Service Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486873/100/0/threaded"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-log.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-log.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0406",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:54.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-0407 (GCVE-0-2008-0407)

Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
Summary
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public
2008-01-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:46:53.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
          },
          {
            "name": "hfs-username-spoofing(39877)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rejetto.com/hfs/?f=wn"
          },
          {
            "name": "27423",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27423"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.syhunt.com/advisories/hfshack.txt"
          },
          {
            "name": "28631",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28631"
          },
          {
            "name": "3582",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3582"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
        },
        {
          "name": "hfs-username-spoofing(39877)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rejetto.com/hfs/?f=wn"
        },
        {
          "name": "27423",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27423"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.syhunt.com/advisories/hfshack.txt"
        },
        {
          "name": "28631",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28631"
        },
        {
          "name": "3582",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3582"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0407",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/486874/100/0/threaded"
            },
            {
              "name": "hfs-username-spoofing(39877)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39877"
            },
            {
              "name": "http://www.rejetto.com/hfs/?f=wn",
              "refsource": "MISC",
              "url": "http://www.rejetto.com/hfs/?f=wn"
            },
            {
              "name": "27423",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27423"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfs-1-username.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfs-1-username.txt"
            },
            {
              "name": "http://www.syhunt.com/advisories/hfshack.txt",
              "refsource": "MISC",
              "url": "http://www.syhunt.com/advisories/hfshack.txt"
            },
            {
              "name": "28631",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28631"
            },
            {
              "name": "3582",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3582"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0407",
    "datePublished": "2008-01-28T23:00:00.000Z",
    "dateReserved": "2008-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T07:46:53.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}