Vulnerability Description
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hfs | Http File Server | <= 2.2b |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28631
- http://securityreason.com/securityalert/3582
- http://www.rejetto.com/hfs/?f=wnExploit
- http://www.securityfocus.com/archive/1/486874/100/0/threaded
- http://www.securityfocus.com/bid/27423
- http://www.syhunt.com/advisories/hfs-1-username.txt
- http://www.syhunt.com/advisories/hfshack.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39876
- http://secunia.com/advisories/28631
- http://securityreason.com/securityalert/3582
- http://www.rejetto.com/hfs/?f=wnExploit
- http://www.securityfocus.com/archive/1/486874/100/0/threaded
- http://www.securityfocus.com/bid/27423
- http://www.syhunt.com/advisories/hfs-1-username.txt
- http://www.syhunt.com/advisories/hfshack.txt
FAQ
What is CVE-2008-0408?
CVE-2008-0408 is a vulnerability with a CVSS score of 6.4 (MEDIUM). HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
How severe is CVE-2008-0408?
CVE-2008-0408 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0408?
Check the references section above for vendor advisories and patch information. Affected products include: Hfs Http File Server.