CVE-2008-0408
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
HTTP File Server (HFS) versiones anteriores a 2.2c permite a atacantes remotos añadir texto de su elección en el fichero de trazas utilizando la representación base64 del texto durante la la Autenticación HTTP Básica.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-01-22 CVE Reserved
- 2008-01-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/28631 | Third Party Advisory | |
| http://securityreason.com/securityalert/3582 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/486874/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/27423 | Vdb Entry | |
| http://www.syhunt.com/advisories/hfs-1-username.txt | X_refsource_misc | |
| http://www.syhunt.com/advisories/hfshack.txt | X_refsource_misc | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39876 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.rejetto.com/hfs/?f=wn | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hfs Search vendor "Hfs" | Http File Server Search vendor "Hfs" for product "Http File Server" | <= 2.2b Search vendor "Hfs" for product "Http File Server" and version " <= 2.2b" | - |
Affected
| ||||||