CVE-2008-0408 Information

Description

HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.

Reference

http://secunia.com/advisories/28631 http://securityreason.com/securityalert/3582 http://www.rejetto.com/hfs/?f=wn http://www.securityfocus.com/archive/1/486874/100/0/threaded http://www.securityfocus.com/bid/27423 http://www.syhunt.com/advisories/hfs-1-username.txt http://www.syhunt.com/advisories/hfshack.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39876