Nazgul: Security Vulnerabilities
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.
CVSS Score
9.8
EPSS Score
0.189
Published
2023-01-11
CVE-2019-16278
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Known exploited
CVSS Score
9.8
EPSS Score
0.944
Published
2019-10-14
A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.
CVSS Score
7.5
EPSS Score
0.902
Published
2019-10-14
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
CVSS Score
7.5
EPSS Score
0.081
Published
2011-03-16