CVE-2021-33558

** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
References
Link Resource
https://github.com/mdanzaruddin/CVE-2021-33558. Exploit Third Party Advisory
https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 Issue Tracking Third Party Advisory
https://sourceforge.net/projects/boa/files/boa/0.94.13/ Release Notes Third Party Advisory
https://github.com/mdanzaruddin/CVE-2021-33558. Exploit Third Party Advisory
https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 Issue Tracking Third Party Advisory
https://sourceforge.net/projects/boa/files/boa/0.94.13/ Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:boa:boa:0.94.13:*:*:*:*:*:*:*

History

21 Nov 2024, 06:09

Type Values Removed Values Added
References () https://github.com/mdanzaruddin/CVE-2021-33558. - Exploit, Third Party Advisory () https://github.com/mdanzaruddin/CVE-2021-33558. - Exploit, Third Party Advisory
References () https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 - Issue Tracking, Third Party Advisory () https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 - Issue Tracking, Third Party Advisory
References () https://sourceforge.net/projects/boa/files/boa/0.94.13/ - Release Notes, Third Party Advisory () https://sourceforge.net/projects/boa/files/boa/0.94.13/ - Release Notes, Third Party Advisory

23 Feb 2023, 02:25

Type Values Removed Values Added
Summary Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. ** DISPUTED ** Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
CWE CWE-200 NVD-CWE-noinfo
References
  • (MISC) https://github.com/mdanzaruddin/CVE-2021-33558./issues/1 - Issue Tracking, Third Party Advisory

04 Jun 2021, 19:33

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:boa:boa:0.94.13:*:*:*:*:*:*:*
CWE CWE-200
References (MISC) https://github.com/mdanzaruddin/CVE-2021-33558. - (MISC) https://github.com/mdanzaruddin/CVE-2021-33558. - Exploit, Third Party Advisory
References (MISC) https://sourceforge.net/projects/boa/files/boa/0.94.13/ - (MISC) https://sourceforge.net/projects/boa/files/boa/0.94.13/ - Release Notes, Third Party Advisory

27 May 2021, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-27 11:15

Updated : 2024-11-21 06:09


NVD link : CVE-2021-33558

Mitre link : CVE-2021-33558

CVE.ORG link : CVE-2021-33558


JSON object : View

Products Affected

boa

  • boa