rejetto forum

HFS (HTTP File Server) Multiple Vulnerabilities

CR1T1C4L · 2 · 5995
« previous next »
Pages: 1

0 Members and 1 Guest are viewing this topic.

Offline CR1T1C4L

  • Occasional poster
  • *
    • Posts: 31
    • View Profile
on: January 08, 2009, 06:27:40 PM
Username Spoofing and Log Forging/Injection Vulnerability
HFS versions 1.5g to 2.3 Beta (and possibly version 1.5f) are vulnerable to log forging and username spoofing vulnerabilities. Remote attackers can appear to be logged in with any desired username or perform log injection in the log file and GUI panel. Technical details are included below.

[rest of the post deleted]
« Last Edit: January 09, 2009, 12:28:11 AM by rejetto »

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
    • View Profile
Reply #1 on: January 09, 2009, 12:33:28 AM
sorry cr1t1c4l for editing your post, it's something i rarely do. I did it because i think it would have generated confusion.
My advice is to post (next time) just the link to the article, instead of copying the full text, because the original version is more readable.
I'll do it for you ;) http://www.securiteam.com/cves/2008/CVE-2008-0405.html

Those bugs are old, fixed long time ago, and don't affect current versions, as you can read yourself. To be honest, i don't understand the sense of your action.

Pages: 1