Vulnerability Details CVE-2008-0408
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 68.4%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/28631
- http://securityreason.com/securityalert/3582
- http://www.rejetto.com/hfs/?f=wn
- http://www.securityfocus.com/archive/1/486874/100/0/threaded
- http://www.securityfocus.com/bid/27423
- http://www.syhunt.com/advisories/hfs-1-username.txt
- http://www.syhunt.com/advisories/hfshack.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39876
- http://secunia.com/advisories/28631
- http://securityreason.com/securityalert/3582
- http://www.rejetto.com/hfs/?f=wn
- http://www.securityfocus.com/archive/1/486874/100/0/threaded
- http://www.securityfocus.com/bid/27423
- http://www.syhunt.com/advisories/hfs-1-username.txt
- http://www.syhunt.com/advisories/hfshack.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39876
Products affected by CVE-2008-0408
-
cpe:2.3:a:hfs:http_file_server:*