Hfs Http File Server

6 matches found

CVE | added 2008/01/28 11:0 p.m. | 69 views

CVE-2008-0405

CVE-2008-0405 affects HTTP File Server (HFS) and describes multiple directory traversal flaws in versions prior to 2.2c. When account names are used for log filenames, an attacker can trigger traversal with .. in the account name to create arbitrary files and directories via the / URI, and can ap...

CVSS 10 | AI score 6.7 | EPSS 0.0307

CVE | added 2008/01/28 11:0 p.m. | 55 views

CVE-2008-0408

CVE-2008-0408 (HFS): HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...

CVSS 6.4 | AI score 6.6 | EPSS 0.01707

CVE | added 2008/01/28 11:0 p.m. | 49 views

CVE-2008-0409

CVE-2008-0409 describes a cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) prior to 2.2c. The issue arises from how the server handles the userinfo subcomponent of a URL, allowing remote attackers to inject arbitrary web script or HTML into responses. Affected product: HFS (HTTP...

CVSS 4.3 | AI score 5.5 | EPSS 0.01343

CVE | added 2008/01/28 11:0 p.m. | 43 views

CVE-2008-0406

CVE-2008-0406 affects HFS (HTTP File Server) prior to 2.2c, where using account names as log filenames allows a remote attacker to trigger a DoS (daemon crash) via a long account name. The issue stems from how logs are named and written when the %user% template is used; exploited input can overfl...

CVSS 5 | AI score 6.3 | EPSS 0.03568

CVE | added 2008/01/28 11:0 p.m. | 43 views

CVE-2008-0407

CVE-2008-0407 affects HFS (HTTP File Server) up to version 2.2c. The vulnerability is a Username Spoofing issue where the server logs the username presented during HTTP Basic Authentication in request logs, even if authentication fails, which can mislead administrators about who actually made a r...

CVSS 5 | AI score 6.6 | EPSS 0.01566

CVE | added 2008/01/28 11:0 p.m. | 43 views

CVE-2008-0410

CVE-2008-0410 affects HFS (HTTP File Server) prior to 2.2c. The vulnerability enables information disclosure by placing an id element in the userinfo portion of a URL used for HTTP Basic Authentication (e.g., %version%). Remote attackers can obtain configuration and usage details from the server,...

CVSS 5 | AI score 6.3 | EPSS 0.01801