rejetto forum

Software => HFS ~ HTTP File Server => Bug reports => Topic started by: CR1T1C4L on January 08, 2009, 06:27:40 PM

Title: HFS (HTTP File Server) Multiple Vulnerabilities
Post by: CR1T1C4L on January 08, 2009, 06:27:40 PM
Username Spoofing and Log Forging/Injection Vulnerability
HFS versions 1.5g to 2.3 Beta (and possibly version 1.5f) are vulnerable to log forging and username spoofing vulnerabilities. Remote attackers can appear to be logged in with any desired username or perform log injection in the log file and GUI panel. Technical details are included below.

[rest of the post deleted]

Title: Re: HFS (HTTP File Server) Multiple Vulnerabilities
Post by: rejetto on January 09, 2009, 12:33:28 AM
Sorry cr1t1c4l for editing your post, it's something I rarely do. I did it because I think it would have generated confusion.
My advice is to post (next time) just the link to the article, instead of copying the full text, because the original version is more readable.
I'll do it for you ;) http://www.securiteam.com/cves/2008/CVE-2008-0405.html

Those bugs are old, fixed a long time ago, and don't affect current versions, as you can read yourself. To be honest, I don't understand the sense of your action.