Boa Web Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Boa Web Server.
By the Year
In 2025 there have been 0 vulnerabilities in Boa Web Server. Last year, in 2024 Boa Web Server had 2 security vulnerabilities published. Right now, Boa Web Server is on track to have less security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 0 | 0.00 |
| 2024 | 2 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 2 | 7.55 |
| 2021 | 1 | 7.50 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 8.65 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Boa Web Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Boa Web Server Security Vulnerabilities
Boa Web Server: Cross-Site Scripting (XSS) Vulnerability in Web Page Generation
CVE-2024-47924
- December 30, 2024
Boa web server CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
XSS
Boa Web Server Path Traversal Vulnerability
CVE-2024-47916
- November 14, 2024
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method
CVE-2022-45956
5.3 - Medium
- December 12, 2022
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.
AuthZ
Boa 0.94.14rc21 is vulnerable to SQL Injection via username
CVE-2022-44117
9.8 - Critical
- November 23, 2022
Boa 0.94.14rc21 is vulnerable to SQL Injection via username. NOTE: the is disputed by multiple third parties because Boa does not ship with any support for SQL.
SQL Injection
Boa 0.94.13 allows remote attackers to obtain sensitive information
CVE-2021-33558
7.5 - High
- May 27, 2021
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.
Boa through 0.94.14rc21
CVE-2018-21027
9.8 - Critical
- October 11, 2019
Boa through 0.94.14rc21 allows remote attackers to trigger an out-of-memory (OOM) condition because malloc is mishandled.
Buffer Overflow
Boa through 0.94.14rc21
CVE-2018-21028
7.5 - High
- October 11, 2019
Boa through 0.94.14rc21 allows remote attackers to trigger a memory leak because of missing calls to the free function.
Missing Release of Resource after Effective Lifetime
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "
CVE-2017-9833
7.5 - High
- June 24, 2017
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one type of camera) because Boa does not include any wapopen program or any code to read a FILECAMERA variable.
Directory traversal
Buffer overflow in send_redirect() in Boa Webserver 0.92r
CVE-2016-9564
7.5 - High
- November 30, 2016
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Boa Web Server or by Boa? Click the Watch button to subscribe.
