Author Topic: HFS (HTTP File Server) Multiple Vulnerabilities  (Read 3615 times)

0 Members and 1 Guest are viewing this topic.

Offline CR1T1C4L

  • Occasional poster
  • *
  • Posts: 31
    • View Profile
HFS (HTTP File Server) Multiple Vulnerabilities
« on: January 08, 2009, 06:27:40 PM »
Username Spoofing and Log Forging/Injection Vulnerability
HFS versions 1.5g to 2.3 Beta (and possibly version 1.5f) are vulnerable to log forging and username spoofing vulnerabilities. Remote attackers can appear to be logged in with any desired username or perform log injection in the log file and GUI panel. Technical details are included below.

[rest of the post deleted]
« Last Edit: January 09, 2009, 12:28:11 AM by rejetto »

Offline rejetto

  • Administrator
  • Tireless poster
  • *
  • Posts: 12942
    • View Profile
Re: HFS (HTTP File Server) Multiple Vulnerabilities
« Reply #1 on: January 09, 2009, 12:33:28 AM »
sorry cr1t1c4l for editing your post, it's something i rarely do. I did it because i think it would have generated confusion.
My advice is to post (next time) just the link to the article, instead of copying the full text, because the original version is more readable.
I'll do it for you ;) http://www.securiteam.com/cves/2008/CVE-2008-0405.html

Those bugs are old, fixed long time ago, and don't affect current versions, as you can read yourself. To be honest, i don't understand the sense of your action.