exploitDog

CVE-2022-48253

Опубликовано: 11 янв. 2023

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.

Ссылки

https://nazgul.ch/dev/nostromo_cl.txt
Release Notes
Vendor Advisory
https://www.soteritsecurity.com/blog/2023/01/nostromo_from_directory_traversal_to_RCE.html
Exploit
Third Party Advisory
https://nazgul.ch/dev/nostromo_cl.txt
Release Notes
Vendor Advisory
https://www.soteritsecurity.com/blog/2023/01/nostromo_from_directory_traversal_to_RCE.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nazgul:nostromo:*:*:*:*:*:*:*:*

Версия до 2.1 (исключая)

EPSS

Процентиль: 97%

0.32303

Средний

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22

Связанные уязвимости

GHSA-gg3r-g8xg-rm82

CVSS3: 9.8

github

около 3 лет назад

nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used.

EPSS

Процентиль: 97%

0.32303

Средний

9.8 Critical

CVSS3

Дефекты

CWE-22

CWE-22