| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.1 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in HFS HTTP File Server up to 2.x. This impacts an unknown function. Executing a manipulation of the argument /?%0a can lead to path traversal. This vulnerability is registered as CVE-2008-0405. Furthermore, an exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability has been found in HFS HTTP File Server up to 2.x and classified as critical. This vulnerability affects an unknown functionality. The manipulation of the argument /?%0a with an unknown input leads to a path traversal vulnerability. The CWE definition for the vulnerability is CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
The weakness was published 01/28/2008 by STORM (Website). The advisory is shared for download at securityfocus.com. This vulnerability was named CVE-2008-0405 since 01/22/2008. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known. The MITRE ATT&CK project declares the attack technique as T1006.
A public exploit has been developed by Felipe M. Aragon in Python and been published even before and not after the advisory. It is possible to download the exploit at securityfocus.com. It is declared as functional. The vulnerability was handled as a non-public zero-day exploit for at least 5 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 2.2b eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (39873), Exploit-DB (31056), SecurityFocus (BID 27423†) and Secunia (SA28631†). Similar entries are available at VDB-40725, VDB-40724, VDB-40723 and VDB-40722. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.8VulDB Meta Temp Score: 9.1
VulDB Base Score: 9.8
VulDB Temp Score: 9.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Functional
Author: Felipe M. Aragon
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: HTTP File Server 2.2b
Timeline
01/22/2008 🔍01/23/2008 🔍
01/23/2008 🔍
01/23/2008 🔍
01/24/2008 🔍
01/28/2008 🔍
01/28/2008 🔍
03/16/2015 🔍
11/04/2017 🔍
Sources
Advisory: securityfocus.com⛔Researcher: STORM
Status: Confirmed
CVE: CVE-2008-0405 (🔍)
GCVE (CVE): GCVE-0-2008-0405
GCVE (VulDB): GCVE-100-40720
X-Force: 39873 - HFS (HTTP File Server) unspecified command execution
SecurityFocus: 27423 - HFS HTTP File Server Multiple Security Vulnerabilities
Secunia: 28631 - HTTP File Server Multiple Vulnerabilities, Moderately Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 03/16/2015 13:43Updated: 11/04/2017 17:00
Changes: 03/16/2015 13:43 (57), 11/04/2017 17:00 (13)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.