CVE-2008-0408

HFS HTTP File Server < 2.2b - Authentication Bypass

Title source: rule

Description

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

References (8)

[Third Party Advisory] http://secunia.com/advisories/28631

[Exploit] http://www.rejetto.com/hfs/?f=wn

[Various Sources] http://www.syhunt.com/advisories/hfs-1-username.txt

[Various Sources] http://www.syhunt.com/advisories/hfshack.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39876

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486874/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27423

[Third Party Advisory] http://securityreason.com/securityalert/3582

Scores

EPSS 0.0059

EPSS Percentile 69.0%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

hfs/http_file_server < 2.2b

Timeline

Published Jan 29, 2008

Tracked Since Feb 18, 2026