CVE-2008-0410
29.01.2008, 00:00
HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.Enginsight
Vendor | Product | Version |
---|---|---|
hfs | http_file_server | 𝑥 ≤ 2.2b |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References