HTTP File Server (HFS) prior to 2.2c allows remote malicious users to obtain configuration and usage details by using an id element such as <id>%version%</id> in HTTP Basic Authentication instead of a username and password, as demonstrated by placing this id element in the userinfo subcomponent of a URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hfs http file server |