Lucene search

[email protected]CVE-2008-0407

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2008-0407

2008-01-2900:00:00

CWE-287

[email protected]

web.nvd.nist.gov

http file server

hfs

cve-2008-0407

http logging

security vulnerability

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

CPENameOperatorVersion
hfs:http_file_serverhfs http file serverle2.2b

CPE	Name	Operator	Version
hfs:http_file_server	hfs http file server	le	2.2b

References

secunia.com/advisories/28631

securityreason.com/securityalert/3582

www.rejetto.com/hfs/?f=wn

www.securityfocus.com/archive/1/486874/100/0/threaded

www.securityfocus.com/bid/27423

www.syhunt.com/advisories/hfs-1-username.txt

www.syhunt.com/advisories/hfshack.txt

exchange.xforce.ibmcloud.com/vulnerabilities/39877

6.7 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.0%

JSON

Related for CVE-2008-0407

prion1 securityvulns2 seebug2 packetstorm1 exploitpack1 exploitdb1