CVE-2000-0920

Name of the Vulnerable Software and Affected Versions BOA web server versions 0.94.8.2 and earlier

Description A directory traversal issue allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request. This is achieved by using a "%2E" instead of a "." in the request.

Recommendations For BOA web server versions 0.94.8.2 and earlier, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, disabling the use of "%2E" in GET HTTP requests may help minimize the risk of exploitation.