ID
VAR-200712-0494
TITLE
HFS HTTP File Server Arbitrary File Upload Vulnerability
Trust: 0.3
sources:
BID: 26732
DESCRIPTION
HFS HTTP File Server is prone to a vulnerability that lets attackers upload files and place them in arbitrary locations on the server. The issue occurs because the software fails to adequately sanitize user-supplied input. A successful exploit may allow the attacker to upload malicious files and potentially execute them; this may lead to various attacks. This issue affects HTTP File Server versions prior to 2.2b.
Trust: 0.3
sources:
BID: 26732
AFFECTED PRODUCTS
vendor: | http | model: | file server http file server beta | scope: | eq | version: | 2.3 | Trust: 0.3 |
vendor: | http | model: | file server http file server 2.2a | scope: | - | version: | - | Trust: 0.3 |
vendor: | http | model: | file server http file server | scope: | eq | version: | 2.2 | Trust: 0.3 |
vendor: | http | model: | file server http file server 2.2b | scope: | ne | version: | - | Trust: 0.3 |
sources:
BID: 26732
THREAT TYPE
network
Trust: 0.3
sources:
BID: 26732
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 26732
EXTERNAL IDS
db: | BID | id: | 26732 | Trust: 0.3 |
sources:
BID: 26732
REFERENCES
url: | http://www.rejetto.com/hfs/ | Trust: 0.3 |
url: | http://aluigi.altervista.org/adv/hfsup-adv.txt | Trust: 0.3 |
url: | /archive/1/484762 | Trust: 0.3 |
sources:
BID: 26732
CREDITS
Luigi Auriemma is credited with the discovery of this vulnerability.
Trust: 0.3
sources:
BID: 26732
SOURCES
db: | BID | id: | 26732 |
LAST UPDATE DATE
2022-05-17T01:39:13.370000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 26732 | date: | 2007-12-08T02:42:00 |
SOURCES RELEASE DATE
db: | BID | id: | 26732 | date: | 2007-12-05T00:00:00 |