HTTP File Server (HFS) before 2.2c allows remote attackers to append arbitrary text to the log file by using the base64 representation of this text during HTTP Basic Authentication.Referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/39876http://www.securityfocus.com/archive/1/486874/100/0/threadedhttp://www.rejetto.com/hfs/?f=wnhttp://www.securityfocus.com/bid/27423http://www.syhunt.com/advisories/hfs-1-username.txthttp://www.syhunt.com/advisories/hfshack.txthttp://secunia.com/advisories/28631http://securityreason.com/securityalert/3582
