VULHUB ™

FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.

FreeBSD Security Advisory FreeBSD-SA-00:60 - The boa port, versions after 0.92 but prior to 0.94.8.3, contains a vulnerability which allows remote users to view arbitrary files outside the document root, because it did not correctly restrict URL-encoded requests containing ".." in the path. In addition, if CGI support is enabled, a request for any file ending in .cgi will result in the file being executed with the privileges of the user id running the web server, allowing untrusted binary execution.