CVE-2004-1182 | SynScan

Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2004-1182

hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.

Published: Dec 31, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1182
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hylafax / hylafax	4.1.8	4.1.8.x
hylafax / hylafax	4.1_beta1	4.1_beta1.x
hylafax / hylafax	4.1.6	4.1.6.x
hylafax / hylafax	4.1.7	4.1.7.x
hylafax / hylafax	4.1.2	4.1.2.x
hylafax / hylafax	4.1.1	4.1.1.x
hylafax / hylafax	4.1_beta2	4.1_beta2.x
hylafax / hylafax	4.1.3	4.1.3.x
hylafax / hylafax	4.1_beta3	4.1_beta3.x
hylafax / hylafax	4.2.0	4.2.0.x
hylafax / hylafax	4.1.5	4.1.5.x