hfs 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、パス処理の欠陥, and vendor risk input validation があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact unexpected behavior、ファイル上書き, and vendor impact session compromise などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-0410 | HTTP File Server (HFS) before 2.2c allows remote attackers to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL. | [email protected] | 5.0 | 0.78% | 2008-01-29 | 2026-04-23 |
| CVE-2008-0409 | Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. | [email protected] | 4.3 | 0.50% | 2008-01-29 | 2026-04-23 |
| CVE-2008-0408 | HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication. | [email protected] | 6.4 | 0.78% | 2008-01-29 | 2026-04-23 |
| CVE-2008-0407 | HTTP File Server (HFS) before 2.2c tags HTTP request log entries with the username sent during HTTP Basic Authentication, regardless of whether authentication succeeded, which might make it more difficult for an administrator to determine who made a remote request. | [email protected] | 5.0 | 0.58% | 2008-01-29 | 2026-04-23 |
| CVE-2008-0406 | HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allows remote attackers to cause a denial of service (daemon crash) via a long account name. | [email protected] | 5.0 | 7.54% | 2008-01-29 | 2026-04-23 |
| CVE-2008-0405 | Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data. | [email protected] | 10.0 | 1.26% | 2008-01-29 | 2026-04-23 |