CVE-2021-33558

Published: 27/05/2021 Updated: 17/05/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Boa 0.94.13 allows remote malicious users to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.

Vulnerable Product

boa boa 0.94.13

Github Repositories

CVE-2021-33558 POC

CVE-2021-33558
Reference: www.cvedetails.com/cve/CVE-2021-33558
Shodan dork: product:"Boa Web Server" 0.94.13
Payload: /backup.html /preview.html /js/log.js /log.html /email.html /online-users.html /config.js
POC:

CVE: CVE-2021-33558
Exploit code of CVE-2021-33558
Summary: In Boa/0.94.13 there are various misconfigurations that expose various sensitive information.
Proof of Concept: target.com/backup.html target.com/preview.html target.com/js/log.js target.com/log.html target.com/email.html target.com/online-users.html

Recent Articles

Still using a discontinued Boa web server? Microsoft warns of supply chain attacks
The Register

Flaws in the open-source tool exploited – and India's power grid was a target

Microsoft is warning that systems using the long-discontinued Boa web server could be at risk of attacks after a series of intrusion attempts of power grid operations in India likely included exploiting security flaws in the technology. Researchers with Microsoft's Security Threat Intelligence unit examined an April report from cybersecurity company Recorded Future about the intrusion efforts into India's power grid dating back to 2020 and, more recently, into a national emergency response syste...