Http File Server Security Vulnerabilities and Issues — Http File Server CVE List

Lucene search

HfsHttp File Server

3 matches found

CVE•added 2008/01/29 12:0 a.m.•31 views

CVE-2008-0410

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.

5CVSS6.3AI score0.00594EPSS

CVE•added 2008/01/29 12:0 a.m.•29 views

CVE-2008-0407

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

5CVSS6.6AI score0.0044EPSS

CVE•added 2008/01/29 12:0 a.m.•28 views

CVE-2008-0406

HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.

5CVSS6.3AI score0.0762EPSS