Skip to main content

Boa

5 CVEs product

Monthly

CVE-2022-45956 MEDIUM POC This Month

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Boa
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-44117 CRITICAL Act Now

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Boa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-33558 HIGH POC THREAT This Week

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boa
NVD GitHub
CVSS 3.1
7.5
EPSS
10.3%
CVE-2017-9833 HIGH POC THREAT Act Now

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Path Traversal Boa
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
84.5%
Threat
5.5
CVE-2016-9564 HIGH POC This Week

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Boa
NVD
CVSS 3.0
7.5
EPSS
0.6%
EPSS 1% CVSS 5.3
MEDIUM POC This Month

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Boa
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Boa 0.94.14rc21 is vulnerable to SQL Injection via username. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Boa
NVD GitHub
EPSS 10% CVSS 7.5
HIGH POC THREAT This Week

Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boa
NVD GitHub
EPSS 85% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 84.5%.

Path Traversal Boa
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Boa
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy