Lucene search

[email protected]CVE-2008-0405

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2008-0405

2008-01-2900:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2008-0405

hfs

directory traversal vulnerabilities

http file server

security

nvd

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a … (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a … (dot dot) in an account name, when requesting a URI composed of a “/?%0a” sequence followed by the data.

CPENameOperatorVersion
hfs:http_file_serverhfs http file serverle2.2b

CPE	Name	Operator	Version
hfs:http_file_server	hfs http file server	le	2.2b

References

secunia.com/advisories/28631

securityreason.com/securityalert/3581

www.rejetto.com/hfs/?f=wn

www.securityfocus.com/archive/1/486873/100/0/threaded

www.securityfocus.com/bid/27423

www.syhunt.com/advisories/hfs-1-log.txt

www.syhunt.com/advisories/hfshack.txt

exchange.xforce.ibmcloud.com/vulnerabilities/39873

6.8 Medium

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2008-0405

prion1 cvelist1 securityvulns2 exploitpack1 seebug2 packetstorm1 exploitdb1