Summary
The host is running the Nostromo nhttpd web server and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
Upgrade Nostromo nhttpd to version 1.9.4 or later.
For updates, refer to http://www.nazgul.ch/dev_nostromo.html
Insight
The flaw is due to an error in validating '%2f..' sequences in the URI, which allows attackers to read arbitrary files.
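A defender-side check for this class of request, as an added example (not part of the original advisory and not Nostromo's own code): it scans access-log lines for request paths that place a percent-encoded slash next to `..`, or that climb above the document root once decoded. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log format: Common Log Format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# Percent-encoded slash directly before or after a dot-dot segment ('%2f..').
ENCODED_DOTDOT_RE = re.compile(r'%2f(?:\.|%2e){2}|(?:\.|%2e){2}%2f', re.IGNORECASE)

# Constructed sample lines (documentation IP range, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /a/b/%2f..%2fc.html HTTP/1.1" 200 90',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /static/%2f..%2f..%2fsample.txt HTTP/1.0" 200 64',
    '192.0.2.12 - - [01/Jan/2024:10:00:04 +0000] "GET /%252f..%252f..%252fsample.txt HTTP/1.0" 404 0',
]

def fully_decode(path, rounds=3):
    """Percent-decode a bounded number of times so double encoding is unwrapped too."""
    for _ in range(rounds):
        path = unquote(path)
    return path

def escapes_root(path):
    """True if the decoded path climbs above the document root at any point."""
    depth = 0
    for segment in fully_decode(path).split('/'):
        if segment in ('', '.'):
            continue
        depth += -1 if segment == '..' else 1
        if depth < 0:
            return True
    return False

def classify(line):
    """Return 'ok', 'encoded-dotdot', 'escapes-root' or 'unparsed' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return 'unparsed'
    path = m.group(1).split('?', 1)[0]  # ignore the query string
    if escapes_root(path):
        return 'escapes-root'
    if ENCODED_DOTDOT_RE.search(path):
        return 'encoded-dotdot'
    return 'ok'

def flagged(lines):
    """Return (verdict, line) pairs for every line that is not 'ok'."""
    return [(v, l) for l in lines if (v := classify(l)) != 'ok']
```

`encoded-dotdot` hits stay inside the document root but are still worth reviewing, since legitimate clients rarely encode a slash next to `..`.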
Affected
Nostromo nhttpd versions prior to 1.9.4
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N