Nostromo Nhttpd Webserver Directory Traversal Vulnerability Network Vulnerability

Summary

The host is running Nostromo nhttpd web server and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application. Impact Level: Application

Solution

Upgrade to Nostromo nhttpd to 1.9.4 or later, For updates refer to http://www.nazgul.ch/dev_nostromo.html

Insight

The flaw is due to an error in validating '%2f..' sequences in the URI causing attackers to read arbitrary files.

Affected

Nostromo nhttpd Version prior to 1.9.4

References

http://www.redteam-pentesting.de/en/advisories/rt-sa-2011-001/-nostromo-nhttpd-directory-traversal-leading-to-arbitrary-command-execution
http://www.securityfocus.com/archive/1/archive/1/517026/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability
CA ARCserver D2D GWT RPC Request Multiple Vulnerabilities
IIS Service Pack - 404
IBM WebSphere Application Server Hash Collisions DOS Vulnerability
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability

Nostromo nhttpd Webserver Directory Traversal Vulnerability

Take action and discover your vulnerabilities