CVE-2008-0407
Published Jan 29, 2008
Last updated 6 years ago
Overview
- Description
- HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hfs:http_file_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "61CA8887-6726-40E3-B6DD-323BF32488C6",
"versionEndIncluding": "2.2b"
}
],
"operator": "OR"
}
]
}
]