CVE-2008-0410

https://notcve.org/view.php?id=CVE-2008-0410

HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos obtener detalles de la configuración y uso utilizando un elmento id tal como <id>%version%</id> en la Autenticación HTTP Básica en vez de un usuario y contraseña, como se demuestra al ubicar este elemento id en el sub componente userinfo de un URL. HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities. • http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3583 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486872/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-template.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39871 • CWE-287: Improper Authentication •