CVE-2008-0407
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
HTTP File Server (HFS) versiones anteriores a 2.2c etiqueta entradas en el fichero de trazas relativas a peticiones HTTP con el nombre de usuario enviado durante la Autenticación HTTP Básica, sin importar si la autenticación fue exitosa, lo cual podría dificultar a un administrador para determinar quién realiza peticiones remotas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-22 CVE Reserved
- 2008-01-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3582 | Third Party Advisory | |
| http://www.rejetto.com/hfs/?f=wn | X_refsource_misc | |
| http://www.securityfocus.com/archive/1/486874/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27423 | Vdb Entry | |
| http://www.syhunt.com/advisories/hfs-1-username.txt | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39877 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.syhunt.com/advisories/hfshack.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/28631 | 2018-10-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hfs Search vendor "Hfs" | Http File Server Search vendor "Hfs" for product "Http File Server" | <= 2.2b Search vendor "Hfs" for product "Http File Server" and version " <= 2.2b" | - |
Affected
| ||||||