Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0751

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-0751
Last Modified 21 Sep 2011 11:28:50
Published 16 Mar 2011 06:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-0751

Summary

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.

Vulnerable Systems

Application

  • Nazgul Nostromo 0.1

  • Nazgul Nostromo 0.2

  • Nazgul Nostromo 0.3

  • Nazgul Nostromo 0.4

  • Nazgul Nostromo 0.5

  • Nazgul Nostromo 0.6

  • Nazgul Nostromo 0.7

  • Nazgul Nostromo 0.8

  • Nazgul Nostromo 0.9

  • Nazgul Nostromo 1.0

  • Nazgul Nostromo 1.1

  • Nazgul Nostromo 1.2

  • Nazgul Nostromo 1.3

  • Nazgul Nostromo 1.4

  • Nazgul Nostromo 1.5

  • Nazgul Nostromo 1.5.1

  • Nazgul Nostromo 1.6

  • Nazgul Nostromo 1.7

  • Nazgul Nostromo 1.7.1

  • Nazgul Nostromo 1.7.2

  • Nazgul Nostromo 1.7.3

  • Nazgul Nostromo 1.7.4

  • Nazgul Nostromo 1.7.5

  • Nazgul Nostromo 1.7.6

  • Nazgul Nostromo 1.7.7

  • Nazgul Nostromo 1.7.8

  • Nazgul Nostromo 1.7.9

  • Nazgul Nostromo 1.8

  • Nazgul Nostromo 1.8.1

  • Nazgul Nostromo 1.8.2

  • Nazgul Nostromo 1.8.3

  • Nazgul Nostromo 1.8.4

  • Nazgul Nostromo 1.8.5

  • Nazgul Nostromo 1.8.6

  • Nazgul Nostromo 1.8.7

  • Nazgul Nostromo 1.8.8

  • Nazgul Nostromo 1.8.9

  • Nazgul Nostromo 1.9

  • Nazgul Nostromo 1.9.1

  • Nazgul Nostromo 1.9.2

  • Nazgul Nostromo 1.9.3


References

XF - nostromo-http-command-execution(66103)

VUPEN - ADV-2011-0674

BID - 46880

BUGTRAQ - 20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2011-001

CONFIRM - http://www.nazgul.ch/dev_nostromo.html

SREASON - 8140

SECUNIA - 43775

OSVDB - 71235


Last Updated: 27 May 2016 10:56:02