Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-0407
Last Modified: 16 Sep 2009 01:14:44
Published: 28 Jan 2008 07:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-0407

Summary

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.

Vulnerable Systems

Application

  • HFS HTTP File Server 2.2b


References

XF - hfs-username-spoofing(39877)

MISC - http://www.syhunt.com/advisories/hfshack.txt

BID - 27423

BUGTRAQ - 20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability

MISC - http://www.rejetto.com/hfs/?f=wn

SECUNIA - 28631

SREASON - 3582


Last Updated: 27 May 2016 10:46:47