cbcvebase.

Hfs Http File Server vulnerabilities

6 known vulnerabilities affecting hfs/http_file_server.

Total CVEs
6
CISA KEV
0
Public exploits
6
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2008-0405P3CRITICALCVSS 10.0PoC≤ 2.2b2008-01-29
CVE-2008-0405 [CRITICAL] CWE-22 CVE-2008-0405: Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account nam Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when
nvd
CVE-2008-0408P3MEDIUMCVSS 6.4PoC≤ 2.2b2008-01-29
CVE-2008-0408 [MEDIUM] CWE-287 CVE-2008-0408: HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.
nvd
CVE-2008-0407P4MEDIUMCVSS 5.0PoC≤ 2.2b2008-01-29
CVE-2008-0407 [MEDIUM] CWE-287 CVE-2008-0407: HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
nvd
CVE-2008-0410P4MEDIUMCVSS 5.0PoC≤ 2.2b2008-01-29
CVE-2008-0410 [MEDIUM] CWE-287 CVE-2008-0410: HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as %version% in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
nvd
CVE-2008-0406P4MEDIUMCVSS 5.0PoC≤ 2.2b2008-01-29
CVE-2008-0406 [MEDIUM] CWE-20 CVE-2008-0406: HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote atta HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name.
nvd
CVE-2008-0409P4MEDIUMCVSS 4.3PoC≤ 2.2b2008-01-29
CVE-2008-0409 [MEDIUM] CWE-79 CVE-2008-0409: Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attacke Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL.
nvd
Hfs Http File Server vulnerabilities | cvebase