CVE-2008-0407

HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
hfshttp_file_server
𝑥
≤ 2.2b
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/28631
http://securityreason.com/securityalert/3582
http://www.rejetto.com/hfs/?f=wn
http://www.securityfocus.com/archive/1/486874/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-username.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39877
http://secunia.com/advisories/28631
http://securityreason.com/securityalert/3582
http://www.rejetto.com/hfs/?f=wn
http://www.securityfocus.com/archive/1/486874/100/0/threaded
http://www.securityfocus.com/bid/27423
http://www.syhunt.com/advisories/hfs-1-username.txt
http://www.syhunt.com/advisories/hfshack.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/39877