Lucene search

MitreCVE-2008-0408

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2008-0408

2008-01-2900:00:00

CWE-287

mitre

web.nvd.nist.gov

http file server

hfs

cve-2008-0408

remote attackers

log file

base64

http basic authentication

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Affected configurations

Nvd

Node

hfshttp_file_serverRange≤2.2b

VendorProductVersionCPE
hfshttp_file_server*cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hfs	http_file_server	*	cpe:2.3:a:hfs:http_file_server::::::::

References

secunia.com/advisories/28631

securityreason.com/securityalert/3582

www.rejetto.com/hfs/?f=wn

www.securityfocus.com/archive/1/486874/100/0/threaded

www.securityfocus.com/bid/27423

www.syhunt.com/advisories/hfs-1-username.txt

www.syhunt.com/advisories/hfshack.txt

exchange.xforce.ibmcloud.com/vulnerabilities/39876

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

Related for CVE-2008-0408