Lucene search

[email protected]NVD:CVE-2008-0405

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2008-0405

2008-01-2900:00:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.01

Percentile

84.1%

JSON

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a … (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a … (dot dot) in an account name, when requesting a URI composed of a “/?%0a” sequence followed by the data.

Affected configurations

Nvd

Node

hfshttp_file_serverRange≤2.2b

VendorProductVersionCPE
hfshttp_file_server*cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hfs	http_file_server	*	cpe:2.3:a:hfs:http_file_server::::::::

References

secunia.com/advisories/28631

securityreason.com/securityalert/3581

www.rejetto.com/hfs/?f=wn

www.securityfocus.com/archive/1/486873/100/0/threaded

www.securityfocus.com/bid/27423

www.syhunt.com/advisories/hfs-1-log.txt

www.syhunt.com/advisories/hfshack.txt

exchange.xforce.ibmcloud.com/vulnerabilities/39873

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

0.01

Percentile

84.1%

JSON

Related for NVD:CVE-2008-0405

cvelist1 prion1 cve1 securityvulns2 seebug2 exploitpack1 exploitdb1 packetstorm1