CVE-2008-0410
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
HFS versions 2.3 through 2.0 suffer from cross site scripting and information disclosure vulnerabilities.
SSVC
- Decision: -
Timeline
- 2008-01-22 CVE Reserved
- 2008-01-24 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-10-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-287: Improper Authentication
References (8)
URL | Tag | Source |
---|---|---|
http://securityreason.com/securityalert/3583 | Third Party Advisory | |
http://www.securityfocus.com/archive/1/486872/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/27423 | Vdb Entry | |
http://www.syhunt.com/advisories/hfs-1-template.txt | X_refsource_misc | |
http://www.syhunt.com/advisories/hfshack.txt | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39871 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www.rejetto.com/hfs/?f=wn | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/28631 | 2018-10-15 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Hfs | Http File Server | <= 2.2b | - | Affected |