CVE-2011-0751

Nazgul Nostromo < 1.9.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RedTeam Pentesting GmbH · bashremotelinux

https://www.exploit-db.com/exploits/35466

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] http://osvdb.org/71235

[Various Sources] http://www.nazgul.ch/dev_nostromo.html

[Exploit] http://www.redteam-pentesting.de/advisories/rt-sa-2011-001

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/66103

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/517026/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/46880

[Third Party Advisory] http://secunia.com/advisories/43775

[Third Party Advisory] http://www.vupen.com/english/advisories/2011/0674

[Third Party Advisory] http://securityreason.com/securityalert/8140

Scores

EPSS 0.0692

EPSS Percentile 91.4%

Details

CWE

CWE-22

Status published

Products (41)

nazgul/nostromo 0.1

nazgul/nostromo 0.2

nazgul/nostromo 0.3

nazgul/nostromo 0.4

nazgul/nostromo 0.5

nazgul/nostromo 0.6

nazgul/nostromo 0.7

nazgul/nostromo 0.8

nazgul/nostromo 0.9

nazgul/nostromo 1.0

... and 31 more

Published Mar 16, 2011

Tracked Since Feb 18, 2026