CVE-2021-33558
published 2021-05-27

CVE-2021-33558: Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html…

Priority: P2 77 high
CVSS 3.1: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV, Ransomware
Exploited in the wild
EPSS: 10.33% (95.1th percentile)
Boa 0.94.13 allows remote attackers to obtain sensitive information via a misconfiguration involving backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, and config.js. NOTE: multiple third parties report that this is a site-specific issue because those files are not part of Boa.

Affected (1 range)

Vendor: boa
Product: boa
Version range: not listed
Fixed in: not listed

Detection & IOCs (extracted from sources)

path: /js/log.js
path: /backup.html
path: /preview.html
path: /log.html
path: /email.html
path: /online-users.html
path: /config.js
other: Server: Boa/0.94.13
  • HTTP GET request to /js/log.js returning HTTP 200 with body containing both 'function SearchLog' and 'logTime' (case-insensitive) indicates a vulnerable/misconfigured Boa 0.94.13 instance.
  • Fingerprint exposed Boa 0.94.13 servers via the HTTP response header 'Server: Boa/0.94.13' using Shodan or FOFA queries.
  • Unauthenticated HTTP GET to the enumerated paths (backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, config.js) with a 200 response indicates information disclosure.
  • The vulnerable files (backup.html, preview.html, js/log.js, log.html, email.html, online-users.html, config.js) are NOT part of the Boa web server itself: this is a site-specific/device-vendor misconfiguration layered on top of Boa 0.94.13.
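As an added, defender-side illustration of the indicators listed above (this is example code, not code from the page or from any of its sources): a Python check that classifies a captured HTTP response against the Server-banner and /js/log.js body markers, and scans web-server access-log lines for 200 responses to the enumerated paths so an operator can confirm whether their own device is serving them. The Common Log Format parsing, the function names and the sample log lines are assumptions constructed for this example.

```python
import re
from typing import Dict, List

# Indicators taken from the Detection & IOCs list above
EXPOSED_PATHS = {
    "/backup.html", "/preview.html", "/js/log.js", "/log.html",
    "/email.html", "/online-users.html", "/config.js",
}
SERVER_BANNER = "Boa/0.94.13"
LOG_JS_MARKERS = ("function searchlog", "logtime")  # matched case-insensitively

# Common Log Format (assumed): ip - - [time] "METHOD /path HTTP/1.x" status bytes
_CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) '
                  r'(?P<path>\S+) [^"]*" (?P<status>\d{3}) ')


def classify_response(path, status, headers, body):
    """Return the indicator names that one captured HTTP response satisfies."""
    hits: List[str] = []
    server = {k.lower(): v for k, v in headers.items()}.get("server", "")
    if SERVER_BANNER in server:
        hits.append("server-banner")       # 'Server: Boa/0.94.13' fingerprint
    clean = path.split("?", 1)[0]
    if status == 200 and clean in EXPOSED_PATHS:
        hits.append("exposed-path")        # one of the enumerated files served
        lower = body.lower()
        if clean == "/js/log.js" and all(m in lower for m in LOG_JS_MARKERS):
            hits.append("log-js-content")  # both body markers present
    return hits


def scan_access_log(lines):
    """Map each exposed path served with 200 to the client IPs that fetched it."""
    seen: Dict[str, List[str]] = {}
    for line in lines:
        m = _CLF.match(line)
        if not m or m.group("method") != "GET" or m.group("status") != "200":
            continue
        clean = m.group("path").split("?", 1)[0]
        if clean in EXPOSED_PATHS:
            seen.setdefault(clean, []).append(m.group("ip"))
    return seen


SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '203.0.113.5 - - [27/May/2021:10:00:01 +0000] "GET /js/log.js HTTP/1.1" 200 2048',
    '203.0.113.5 - - [27/May/2021:10:00:02 +0000] "GET /config.js HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/May/2021:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.7 - - [27/May/2021:10:00:04 +0000] "GET /backup.html HTTP/1.1" 404 0',
]
```

A 404 for an enumerated path (as in the last sample line) is not reported, since only a 200 response indicates the file is actually exposed.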

CVSS provenance

NVD (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD (v2.0): 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
VulnCheck: 7.5 HIGH