nostromo nhttpd is prone to a remote command-execution vulnerability because it fails to properly validate user-supplied data. An attacker can exploit this issue to access arbitrary files and execute arbitrary commands with application-level privileges. nostromo versions prior to 1.9.4 are affected.

Updates are available. Please see the references for details.

• http://www.nazgul.ch/dev_nostromo.html
• http://www.securityfocus.com/archive/1/517026
• https://www.securityfocus.com/bid/46880

---

Updated on 2015-03-25