Unrated severityNVD Advisory· Published Jan 29, 2008· Updated Jun 16, 2026
CVE-2008-0405
CVE-2008-0405
Description
Multiple directory traversal vulnerabilities in HTTP File Server (HFS) before 2.2c, when account names are used as log filenames, allow remote attackers to create arbitrary (1) files and (2) directories via a .. (dot dot) in an account name, when requesting the / URI; and (3) append arbitrary data to a file via a .. (dot dot) in an account name, when requesting a URI composed of a "/?%0a" sequence followed by the data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <2.2c
Patches
Vulnerability mechanics
References
8- www.rejetto.com/hfs/nvdExploit
- www.syhunt.com/advisories/hfshack.txtnvdExploit
- secunia.com/advisories/28631nvdVendor Advisory
- securityreason.com/securityalert/3581nvd
- www.securityfocus.com/archive/1/486873/100/0/threadednvd
- www.securityfocus.com/bid/27423nvd
- www.syhunt.com/advisories/hfs-1-log.txtnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39873nvd
News mentions
0No linked articles in our index yet.