Details of VAR-201004-0516

ID

VAR-201004-0516

TITLE

HTTP File Server Security Bypass and Denial of Service Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0658

DESCRIPTION

Http File Server is an HTTP file server designed for individual users. There are two security vulnerabilities in Http File Server. Remote attackers can exploit vulnerabilities to bypass some security restrictions or perform denial of service attacks. - Append %00 characters to the URL to download any file in the password protected folder. The server will return HTTP CODE 401 instead of 200, but the file will still be transferred normally. - Some special characters '%' can cause an infinite loop and cause a denial of service attack. Exploiting these issues will allow an attacker to download files from restricted directories within the context of the application or cause denial-of-service conditions

Trust: 0.81

sources: CNVD: CNVD-2010-0658 // BID: 39544

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2010-0658

AFFECTED PRODUCTS

vendor:	http	model:	file server http file server	scope:	eq	version:	2.2	Trust: 0.9
vendor:	http	model:	file server http file server 2.2a	scope:	-	version:	-	Trust: 0.9
vendor:	http	model:	file server http file server 2.2b	scope:	-	version:	-	Trust: 0.9
vendor:	http	model:	file server http file server 2.2c	scope:	-	version:	-	Trust: 0.9
vendor:	http	model:	file server http file server 2.2e	scope:	-	version:	-	Trust: 0.9
vendor:	http	model:	file server http file server 2.2f	scope:	ne	version:	-	Trust: 0.3

sources: CNVD: CNVD-2010-0658 // BID: 39544

THREAT TYPE

network

Trust: 0.3

sources: BID: 39544

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 39544

PATCH

title:

HTTP File Server bypasses security restrictions and denial of service patches

url:

https://www.cnvd.org.cn/patchinfo/show/308

Trust: 0.6

sources: CNVD: CNVD-2010-0658

EXTERNAL IDS

db:	BID	id:	39544	Trust: 0.9
db:	CNVD	id:	CNVD-2010-0658	Trust: 0.6

sources: CNVD: CNVD-2010-0658 // BID: 39544

REFERENCES

url:	http://aluigi.altervista.org/adv/hfsref-adv.txt	Trust: 0.9
url:	http://www.rejetto.com/hfs/?f=intro	Trust: 0.3

sources: CNVD: CNVD-2010-0658 // BID: 39544

CREDITS

Luigi Auriemma

Trust: 0.3

sources: BID: 39544

SOURCES

db:	CNVD	id:	CNVD-2010-0658
db:	BID	id:	39544

LAST UPDATE DATE

2022-05-17T01:43:44.035000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-0658	date:	2010-04-20T00:00:00
db:	BID	id:	39544	date:	2010-04-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2010-0658	date:	2010-04-20T00:00:00
db:	BID	id:	39544	date:	2010-04-19T00:00:00