{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-03-15T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"}, {"name": "nostromo-http-command-execution(66103)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.nazgul.ch/dev_nostromo.html"}, {"name": "46880", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46880"}, {"name": "20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"}, {"name": "ADV-2011-0674", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0674"}, {"name": "71235", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/71235"}, {"name": "43775", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43775"}, {"name": "8140", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/8140"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-0751", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001", "refsource": "MISC", "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"}, {"name": "nostromo-http-command-execution(66103)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"}, {"name": "http://www.nazgul.ch/dev_nostromo.html", "refsource": "CONFIRM", "url": "http://www.nazgul.ch/dev_nostromo.html"}, {"name": "46880", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46880"}, {"name": "20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"}, {"name": "ADV-2011-0674", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0674"}, {"name": "71235", "refsource": "OSVDB", "url": "http://osvdb.org/71235"}, {"name": "43775", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43775"}, {"name": "8140", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8140"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T22:05:53.747Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"}, {"name": "nostromo-http-command-execution(66103)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.nazgul.ch/dev_nostromo.html"}, {"name": "46880", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46880"}, {"name": "20110315 [RT-SA-2011-001] nostromo nhttpd directory traversal leading to arbitrary command execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"}, {"name": "ADV-2011-0674", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0674"}, {"name": "71235", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/71235"}, {"name": "43775", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43775"}, {"name": "8140", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/8140"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-0751", "datePublished": "2011-03-16T22:00:00.000Z", "dateReserved": "2011-02-02T00:00:00.000Z", "dateUpdated": "2024-08-06T22:05:53.747Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nazgul:nostromo:*:*:*:*:*:*:*:*", "matchCriteriaId": "1712FA1D-30AE-4CA2-BE43-82B221A76393", "versionEndIncluding": "1.9.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B40BF39C-D220-43E6-B49F-DF0FEDD3C6C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8C14A772-5501-4535-8F20-C03192944931", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C7CAACE9-0AE1-4193-AF1B-0AAC8D6BD92A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "89411B49-425D-45CD-A0BA-D1ECEADEFDFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "511D6125-BB41-47DB-81BD-8677DF69E575", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AE62E8A6-86DA-46F7-8960-1A4227F10BB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "0BF01B03-BEF9-4D57-8D4C-86E63D865039", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "FD82EF21-3560-42BA-9BBA-52ABDABDC306", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B6BC4221-C651-46B0-ABC6-C0DFB734AF53", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "97980A75-048E-48AA-A8F1-83CAD7A93633", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7253E0F8-A92E-4815-AB41-388CC5C0A8EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E82CEB7C-184B-429D-8325-077DABA2AFF0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "7CAB9758-5148-4911-B5CE-9BEA925A587F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "43ACA99C-E531-465E-B72D-56F261DBE507", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "95D887DB-D495-4092-9BCB-9970519FC1F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "015AB944-7E98-41A2-9F30-8BA58B9123D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "16D2B2A6-4E36-4E60-9A82-F83E2BA73458", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "E344B7B6-6846-4584-B44D-8A856E50723F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D592BA5D-1384-4779-9184-8186D00861C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "248EC586-B462-4954-B0FE-7D20E15D948E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "E97E995D-E71B-4BE3-89B4-4D1B6F6C4A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8F64C74-78A9-43AD-86A0-005F3AAACD60", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0AB4D9C9-7DB4-4149-999D-1CC8B986E673", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "8D4B0FA9-16EB-404E-BEA2-D5E567B4D7E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "8DC050F8-EB80-4A49-8DC9-73A8D9D9A3B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.8:*:*:*:*:*:*:*", "matchCriteriaId": "F04F7F2F-1510-4647-9E1F-4556B7B0E418", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.7.9:*:*:*:*:*:*:*", "matchCriteriaId": "25503001-E6E7-4340-8D3A-891CF5F1EB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "1C1043CB-BECA-4157-8369-01F48CFD0463", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "731F0A15-34A8-4E99-B0CC-9988F747960E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "0FBEC218-FA8D-4442-A7D5-9C148996BCAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CB7A6FC-0D8E-4B6B-A7B9-73A86B37F434", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9EF4710-B396-4625-8044-2D1288C98C48", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "8BDCA758-0E92-482E-A318-B7828591B191", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "39202018-5B6F-434D-BB05-5284D7FBAE9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "0C7AA722-C8DE-431C-9461-57BE60492E6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "7F2C6E2C-ADEB-4E61-8023-116D55A4A743", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B89D8FDC-3501-493F-BEEE-4CE2748F4D2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "380E61CF-8159-4DD4-A90B-8342DFCFBDE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "787968DD-0659-4FD4-AA2D-EBAAF936AEBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:nazgul:nostromo:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "C88C151B-F65C-48A8-9433-8DB88BF71A0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en nhttpd (tambi\u00e9n conocido como Nostromo webserver) anterior a v1.9.4, permite a atacantes remotos ejecutar programas o leer ficheros de su elecci\u00f3n al utilizar caracteres ..%2f (../ codificada) en una URI."}], "id": "CVE-2011-0751", "lastModified": "2026-04-29T01:13:23.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-03-16T22:55:04.153", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/71235"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/43775"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/8140"}, {"source": "cve@mitre.org", "url": "http://www.nazgul.ch/dev_nostromo.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/46880"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2011/0674"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/71235"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/43775"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nazgul.ch/dev_nostromo.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.redteam-pentesting.de/advisories/rt-sa-2011-001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517026/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2011/0674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66103"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}