Boa: >> Boa >> 0.94.13 Security Vulnerabilities
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-12-12
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
CVSS Score
7.5
EPSS Score
0.897
Published
2021-05-27
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
CVSS Score
9.8
EPSS Score
0.007
Published
2019-10-11
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
CVSS Score
7.5
EPSS Score
0.008
Published
2019-10-11