Boa File Retrieval Network Vulnerability

Summary

The remote Boa server allows an attacker to read arbitrary files on the remote web server, prefixing the pathname of the file with hex-encoded ../../.. Example: GET /%2e%2e/%2e%2e/%2e%2e/etc/passwd will return /etc/passwd.

Solution

upgrade to a later version of the server found at http://www.boa.org

Severity

Classification

CVE CVE-2000-0920

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

vqServer web traversal vulnerability
TFTP file detection (Cisco IOS)
Check for Apache Multiple / vulnerability
IlohaMail Arbitrary File Access via Language Variable
Music Daemon Denial of Service

Boa file retrieval

Take action and discover your vulnerabilities