Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0408

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-0408
Last Modified 16 Sep 2009 01:14:44
Published 28 Jan 2008 07:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0408

Summary

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Vulnerable Systems

Application

  • Hfs Http File Server 2.2b


References

XF - hfs-unspecified-log-injection(39876)

MISC - http://www.syhunt.com/advisories/hfshack.txt

BID - 27423

BUGTRAQ - 20080123 Syhunt: HFS (HTTP File Server) Username Spoofing and Log Forging/Injection Vulnerability

MISC - http://www.rejetto.com/hfs/?f=wn

SECUNIA - 28631

SREASON - 3582


Last Updated: 27 May 2016 10:46:47