HFS (HTTP File Server) Multiple Vulnerabilities

rejetto forum

February 12, 2012, 02:42:46 PM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: This forum is free, you do NOT need to register to post. But you may.
PROBLEMS? QUESTIONS? CLICK HERE!
Fill the survey!

Home

Help

rejetto forum > Software > HFS ~ HTTP File Server > Bug reports > HFS (HTTP File Server) Multiple Vulnerabilities

Pages: [1]

« previous next »

	Author	Topic: HFS (HTTP File Server) Multiple Vulnerabilities (Read 1801 times)
0 Members and 1 Guest are viewing this topic.

CR1T1C4L

Experienced poster

Offline

United States

Posts: 31

HFS (HTTP File Server) Multiple Vulnerabilities

« on: January 08, 2009, 12:27:40 PM »

Username Spoofing and Log Forging/Injection Vulnerability
HFS versions 1.5g to 2.3 Beta (and possibly version 1.5f) are vulnerable to log forging and username spoofing vulnerabilities. Remote attackers can appear to be logged in with any desired username or perform log injection in the log file and GUI panel. Technical details are included below.

[rest of the post deleted]


« Last Edit: January 08, 2009, 06:28:11 PM by rejetto »	Logged

rejetto

Administrator
Insane programmer

Offline

Italy

Posts: 11759

Re: HFS (HTTP File Server) Multiple Vulnerabilities

« Reply #1 on: January 08, 2009, 06:33:28 PM »

sorry cr1t1c4l for editing your post, it's something i rarely do. I did it because i think it would have generated confusion.
My advice is to post (next time) just the link to the article, instead of copying the full text, because the original version is more readable.
I'll do it for you Wink

http://www.securiteam.com/cves/2008/CVE-2008-0405.html

Those bugs are old, fixed long time ago, and don't affect current versions, as you can read yourself. To be honest, i don't understand the sense of your action.


	Logged

Pages: [1]

« previous next »

Google visited last this page January 30, 2012, 05:07:18 AM