Insecure HEAD Method Bypass in Boa Web Server Versions 0.94.13-0.94.14

Insecure HEAD Method Bypass in Boa Web Server Versions 0.94.13-0.94.14

CVE-2022-45956 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.

Learn more about our Web App Pen Testing.