CVE-2008-0405

NONECVSS 0.0

0.0

Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.

🔗 References (16)

cve@mitrehttp://secunia.com/advisories/28631
cve@mitrehttp://securityreason.com/securityalert/3581
cve@mitrehttp://www.rejetto.com/hfs/?f=wn
cve@mitrehttp://www.securityfocus.com/archive/1/486873/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/27423
cve@mitrehttp://www.syhunt.com/advisories/hfs-1-log.txt
cve@mitrehttp://www.syhunt.com/advisories/hfshack.txt
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/39873
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28631
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3581
af854a3a-2127-422b-91ae-364da2661108http://www.rejetto.com/hfs/?f=wn
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/486873/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27423
af854a3a-2127-422b-91ae-364da2661108http://www.syhunt.com/advisories/hfs-1-log.txt
af854a3a-2127-422b-91ae-364da2661108http://www.syhunt.com/advisories/hfshack.txt

Is Your Infrastructure Affected by CVE-2008-0405?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-0405

📅 Published

🔄 Last Modified

🔗 References (16)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-0405?