Lucene search

[email protected]NVD:CVE-2008-0408

HistoryJan 29, 2008 - 12:00 a.m.

CVE-2008-0408

2008-01-2900:00:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Affected configurations

Nvd

Node

hfshttp_file_serverRange≤2.2b

VendorProductVersionCPE
hfshttp_file_server*cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hfs	http_file_server	*	cpe:2.3:a:hfs:http_file_server::::::::

References

secunia.com/advisories/28631

securityreason.com/securityalert/3582

www.rejetto.com/hfs/?f=wn

www.securityfocus.com/archive/1/486874/100/0/threaded

www.securityfocus.com/bid/27423

www.syhunt.com/advisories/hfs-1-username.txt

www.syhunt.com/advisories/hfshack.txt

exchange.xforce.ibmcloud.com/vulnerabilities/39876

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.009

Percentile

82.9%

JSON

Related for NVD:CVE-2008-0408

cve1 cvelist1 prion1 securityvulns2 seebug2 exploitpack1 exploitdb1 packetstorm1