MidnightBSD

Advisories for nazgul

CVE-2011-0751 HIGH

Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nazgul nostromo 0.6
nazgul nostromo 1.9
nazgul nostromo 1.7.8
nazgul nostromo 1.8.8
nazgul nostromo 1.8.7
nazgul nostromo 1.8.9
nazgul nostromo 1.8.2
nazgul nostromo 0.4
nazgul nostromo 1.7.6
nazgul nostromo 1.7.7
nazgul nostromo 1.8.4
nazgul nostromo 0.5
nazgul nostromo 1.7.5
nazgul nostromo 1.7.2
nazgul nostromo 0.7
nazgul nostromo 1.8
nazgul nostromo 0.3
nazgul nostromo 1.4
nazgul nostromo 1.3
nazgul nostromo 1.6
nazgul nostromo 1.8.3
nazgul nostromo 1.8.1
nazgul nostromo 1.7.4
nazgul nostromo 1.5
nazgul nostromo 0.1
nazgul nostromo 0.2
nazgul nostromo 1.9.2
nazgul nostromo 1.8.5
nazgul nostromo 1.8.6
nazgul nostromo 1.7.1
nazgul nostromo 1.2
nazgul nostromo 1.7.9
nazgul nostromo 0.9
nazgul nostromo 1.1
nazgul nostromo 1.7
nazgul nostromo 1.7.3
nazgul nostromo *
nazgul nostromo 1.0
nazgul nostromo 1.5.1
nazgul nostromo 0.8
nazgul nostromo 1.9.1
CVE-2019-16278 HIGH

Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,CWE-22,

Products Affected

Vendor Product Version
nazgul nostromo_nhttpd *
CVE-2019-16279 MEDIUM

A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
nazgul nostromo_nhttpd *
CVE-2022-48253

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.

Products Affected

Vendor Product Version
nazgul nostromo *