CVE-2007-4915

Boa Webserver 0.93.15 - Remote Admin Password Change via Long Username in HTTP Basic Authentication

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-4915. PoCs published by ikki, Luca Carettoni, Luca, including Metasploit module auxiliary/admin/http/intersil_pass_reset.

AI-analyzed exploit summary This exploit bypasses HTTP Basic Authentication in Boa/0.93.15 by sending an excessively long username, allowing an attacker to set a new password without proper authentication. The PoC uses Python's urllib2 to send a crafted request.

Description

The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.

Exploits (3)

exploitdb WORKING POC VERIFIED
by ikki · pythonremotelinux
https://www.exploit-db.com/exploits/4542

This exploit bypasses HTTP Basic Authentication in Boa/0.93.15 by sending an excessively long username, allowing an attacker to set a new password without proper authentication. The PoC uses Python's urllib2 to send a crafted request.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Boa/0.93.15 (with Intersil Extensions)
No auth needed
Prerequisites: Network access to the target server · Boa/0.93.15 with Intersil Extensions running
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Luca Carettoni · pythondoslinux
https://www.exploit-db.com/exploits/30584

This exploit leverages an authentication bypass vulnerability in Boa web server by overwriting the password via a crafted HTTP request. It uses a long username to trigger the vulnerability and sets a new password to gain unauthorized access.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Boa 0.93.15 (with Intersil Extensions)
No auth needed
Prerequisites: Boa web server with Intersil Extensions installed · Network access to the target server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Luca · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/intersil_pass_reset.rb

This Metasploit module exploits a buffer overflow in Boa HTTP Server (0.93.x - 0.94.11) to bypass basic authentication by sending a long username (127+ bytes) that overwrites the password in memory, allowing password reset or DoS.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Boa HTTP Server 0.93.x - 0.94.11
No auth needed
Prerequisites: Network access to the Boa HTTP Server · Basic authentication enabled on the target URI
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Various Sources x_refsource_misc
http://www.ikkisoft.com/stuff/SN-2007-02.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/489009/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3151
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4542
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25676
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/479434/100/0/threaded

Scores

EPSS 0.8249
EPSS Percentile 99.3%

Details

CWE
CWE-20
Status published
Products (1)
boa/boa_webserver 0.93.15
Published Sep 17, 2007
Tracked Since Feb 18, 2026