Boa Webserver
by Boa
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47924 | Hig | 0.49 | 7.5 | 0.01 | Dec 30, 2024 | Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2007-4915 | 0.08 | — | 0.68 | Sep 17, 2007 | The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long… | |||
| CVE-2000-0920 | 0.04 | — | 0.08 | Dec 19, 2000 | Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." | |||
| CVE-2022-45956 | 0.00 | — | 0.01 | Dec 12, 2022 | Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | |||
| CVE-2005-0864 | 0.00 | — | 0.02 | May 2, 2005 | The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. |
- risk 0.49cvss 7.5epss 0.01
Boa web server – CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2007-4915Sep 17, 2007risk 0.08cvss —epss 0.68
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long…
- CVE-2000-0920Dec 19, 2000risk 0.04cvss —epss 0.08
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
- CVE-2022-45956Dec 12, 2022risk 0.00cvss —epss 0.01
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
- CVE-2005-0864May 2, 2005risk 0.00cvss —epss 0.02
The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.