Vulnerability Description
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hfs | Http File Server | <= 2.2b |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28631 (Vendor Advisory)
- http://securityreason.com/securityalert/3582
- http://www.rejetto.com/hfs/?f=wn
- http://www.securityfocus.com/archive/1/486874/100/0/threaded
- http://www.securityfocus.com/bid/27423
- http://www.syhunt.com/advisories/hfs-1-username.txt
- http://www.syhunt.com/advisories/hfshack.txt (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39877
FAQ
What is CVE-2008-0407?
CVE-2008-0407 is a vulnerability with a CVSS score of 5.0 (MEDIUM). HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more diffi...
How severe is CVE-2008-0407?
CVE-2008-0407 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-0407?
Check the references section above for vendor advisories and patch information. Affected products include: Hfs Http File Server.