Directory Traversal Vulnerability in BOA Web Server by Zyvex Corporation
CVE-2000-0920

Currently unrated

Key Information:

Vendor

Boa

Status
Boa Webserver
Vendor
CVE Published:
19 December 2000

What is CVE-2000-0920?

The BOA web server version 0.94.8.2 and earlier is prone to a directory traversal vulnerability, allowing attackers to exploit the server by crafting HTTP GET requests. By using encoded paths with a '%2E' sequence, an attacker can bypass file access restrictions and read sensitive local files on the server. This vulnerability poses significant risks as it can lead to the exposure of confidential information and impact system integrity.

References

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD...
vendor-advisoryx_refsource_FREEBSD
http://archives.neohapsis.com/archives/bugtraq/2000-10/00...
mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/5330
vdb-entryx_refsource_XF

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.