CVE-2019-16278β€”Nostromo nhttpd Directory Traversal Vulnerability

PUBLISHEDvulnerability record
2024-11-07 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2019-16278
Project:
Nostromo
Product:
nhttpd
Date Added:
2024-11-07
Due Date:
2024-11-28
Last Updated:
June 21, 2025

Vulnerability Name

Nostromo nhttpd Directory Traversal Vulnerability

Description

Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related Weaknesses