CVE-2008-0405
CVE-2008-0405 affects HTTP File Server (HFS) and describes multiple directory traversal flaws in versions prior to 2.2c. When account names are used for log filenames, an attacker can trigger traversal with .. in the account name to create arbitrary files and directories via the / URI, and can ap...
CVE-2008-0408
CVE-2008-0408 (HFS): HTTP File Server versions before 2.2c are vulnerable to a logfile manipulation flaw. Remote attackers can cause arbitrary text to be appended to the server log by sending text encoded in base64 during HTTP Basic Authentication. This is a log forging/injection issue that can ...
CVE-2008-0409
CVE-2008-0409 describes a cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) prior to 2.2c. The issue arises from how the server handles the userinfo subcomponent of a URL, allowing remote attackers to inject arbitrary web script or HTML into responses. Affected product: HFS (HTTP...
CVE-2008-0406
CVE-2008-0406 affects HFS (HTTP File Server) prior to 2.2c, where using account names as log filenames allows a remote attacker to trigger a DoS (daemon crash) via a long account name. The issue stems from how logs are named and written when the %user% template is used; exploited input can overfl...
CVE-2008-0407
CVE-2008-0407 affects HFS (HTTP File Server) up to version 2.2c. The vulnerability is a username spoofing issue where the server logs the username presented during HTTP Basic Authentication in request logs, even if authentication fails, which can mislead administrators about who actually made a r...
CVE-2008-0410
CVE-2008-0410 affects HFS (HTTP File Server) prior to 2.2c. The vulnerability enables information disclosure by placing an id element in the userinfo portion of a URL used for HTTP Basic Authentication (e.g., %version%). Remote attackers can obtain configuration and usage details from the server,...