Summary
The host is running the Nostromo nhttpd web server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade Nostromo nhttpd to version 1.9.4 or later.
For updates, refer to http://www.nazgul.ch/dev_nostromo.html
Insight
The flaw is due to an error in validating '%2f..' sequences in the URI, which allows attackers to read arbitrary files.
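The kind of validation gap described above, as an added illustration that is not nhttpd's code or part of the original advisory: a filter that inspects the raw URI misses traversal hidden behind '%2f', while decoding first and tracking depth below the document root rejects it. The function names and the sample URI are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Decode %XX escapes into dst; -1 on a malformed escape or an encoded NUL. */
static int pct_decode(const char *src, char *dst)
{
    while (*src) {
        unsigned int byte;
        if (*src != '%') { *dst++ = *src++; continue; }
        if (!isxdigit((unsigned char)src[1]) || !isxdigit((unsigned char)src[2]) ||
            sscanf(src + 1, "%2x", &byte) != 1 || byte == 0)
            return -1;
        *dst++ = (char)byte;
        src += 3;
    }
    *dst = '\0';
    return 0;
}

/* Weak check (illustrative): looks for "/../" in the raw, still-encoded URI. */
int naive_uri_ok(const char *uri)
{
    return strstr(uri, "/../") == NULL;
}

/* Hardened check: decode first, then walk the path segments and track depth
 * below the document root; a ".." that climbs above the root is rejected. */
int strict_uri_ok(const char *uri)
{
    char buf[1024];
    int depth = 0;
    if (uri[0] != '/' || strlen(uri) >= sizeof(buf) || pct_decode(uri, buf) != 0)
        return 0;
    for (char *seg = strtok(buf, "/"); seg; seg = strtok(NULL, "/")) {
        if (strcmp(seg, "..") == 0) {
            if (--depth < 0)
                return 0;
        } else if (strcmp(seg, ".") != 0) {
            depth++;
        }
    }
    return 1;
}

int main(void)
{
    const char *uri = "/..%2f..%2fsecret.txt"; /* constructed sample URI */
    printf("naive=%d strict=%d\n", naive_uri_ok(uri), strict_uri_ok(uri));
    return 0;
}
```

The strict check is purely lexical; it does not resolve symbolic links inside the document root.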
Affected
Nostromo nhttpd versions prior to 1.9.4
Severity
Classification
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N