rejetto forum

HFS (HTTP File Server) Multiple Vulnerabilities

0 Members and 1 Guest are viewing this topic.

Offline CR1T1C4L

  • Occasional poster
  • *
    • Posts: 31
    • View Profile
Username Spoofing and Log Forging/Injection Vulnerability
HFS versions 1.5g to 2.3 Beta (and possibly version 1.5f) are vulnerable to log forging and username spoofing vulnerabilities. Remote attackers can appear to be logged in with any desired username or perform log injection in the log file and GUI panel. Technical details are included below.

[rest of the post deleted]
« Last Edit: January 09, 2009, 12:28:11 AM by rejetto »

Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13517
    • View Profile
sorry cr1t1c4l for editing your post, it's something i rarely do. I did it because i think it would have generated confusion.
My advice is to post (next time) just the link to the article, instead of copying the full text, because the original version is more readable.
I'll do it for you ;)

Those bugs are old, fixed long time ago, and don't affect current versions, as you can read yourself. To be honest, i don't understand the sense of your action.