CVE-2019-16278
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2019-16278
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
nostromo nhttpd 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
nostromo nhttpd是一款开源的Web服务器。 nostromo nhttpd 1.9.6及之前版本中的‘http_verify’函数存在路径遍历漏洞。该漏洞源于网络系统或产品未能正确地过滤资源或文件路径中的特殊元素。攻击者可利用该漏洞访问受限目录之外的位置。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2019-16278
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Directory transversal to remote code execution | https://github.com/jas502n/CVE-2019-16278 | POC Details |
| 2 | CVE-2019-16728 Proof of Concept | https://github.com/imjdl/CVE-2019-16278-PoC | POC Details |
| 3 | CVE-2019-16278Nostromo httpd命令执行 | https://github.com/ianxtianxt/CVE-2019-16278 | POC Details |
| 4 | CVE-2019-16278 Python3 Exploit Code | https://github.com/darkerego/Nostromo_Python3 | POC Details |
| 5 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Simply takes a host and port that the web server is running on. | https://github.com/AnubisSec/CVE-2019-16278 | POC Details |
| 6 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/theRealFr13nd/CVE-2019-16278-Nostromo_1.9.6-RCE | POC Details |
| 7 | (Nhttpd) Nostromo 1.9.6 RCE due to Directory Traversal | https://github.com/Kr0ff/cve-2019-16278 | POC Details |
| 8 | CVE-2019-16278:Nostromo Web服务器的RCE漏洞 | https://github.com/NHPT/CVE-2019-16278 | POC Details |
| 9 | Exploit for the CVE-2019-16278 vulnerability | https://github.com/keshiba/cve-2019-16278 | POC Details |
| 10 | None | https://github.com/crypticdante/CVE-2019-16278 | POC Details |
| 11 | A quick python exploit for the Nostromo 1.9.6 remote code execution vulnerability. Only takes in host and port of web server as required arguments. | https://github.com/alexander-fernandes/CVE-2019-16278 | POC Details |
| 12 | This is a exploit of CVE-2019-16278 for Nostromo 1.9.6 RCE. This exploit allows RCE on the victim machine. | https://github.com/FredBrave/CVE-2019-16278-Nostromo-1.9.6-RCE | POC Details |
| 13 | Nostromo 1.9.6 reverse shell | https://github.com/0xTabun/CVE-2019-16278 | POC Details |
| 14 | None | https://github.com/H3xL00m/CVE-2019-16278 | POC Details |
| 15 | Python script to exploit RCE in Nostromo nhttpd <= 1.9.6. | https://github.com/aN0mad/CVE-2019-16278-Nostromo_1.9.6-RCE | POC Details |
| 16 | None | https://github.com/n3ov4n1sh/CVE-2019-16278 | POC Details |
| 17 | None | https://github.com/c0d3cr4f73r/CVE-2019-16278 | POC Details |
| 18 | None | https://github.com/Sp3c73rSh4d0w/CVE-2019-16278 | POC Details |
| 19 | None | https://github.com/0xwh1pl4sh/CVE-2019-16278 | POC Details |
| 20 | None | https://github.com/N3rdyN3xus/CVE-2019-16278 | POC Details |
| 21 | None | https://github.com/NyxByt3/CVE-2019-16278 | POC Details |
| 22 | None | https://github.com/h3xcr4ck3r/CVE-2019-16278 | POC Details |
| 23 | None | https://github.com/n3rdh4x0r/CVE-2019-16278 | POC Details |
| 24 | This repository contains an exploit for CVE-2019-16278 in Nostromo Web Server 1.9.6, allowing remote code execution via a directory traversal vulnerability. The script uses pwntools to establish a reverse shell. For educational and authorized testing use only. | https://github.com/cancela24/CVE-2019-16278-Nostromo-1.9.6-RCE | POC Details |
| 25 | An unauthenticated attacker can force server points to a shell file like ‘/bin/sh’ and execute arbitrary commands due to the failure in verifying the URL which leads to path traversal to any file that exists in the system. Nostromo’s versions such as 1.9.6 fail to verify this URL | https://github.com/CybermonkX/CVE-2019-16278_Nostromo-1.9.6---Remote-Code-Execution | POC Details |
| 26 | nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-16278.yaml | POC Details |
| 27 | None | https://github.com/h3x0v3rl0rd/CVE-2019-16278 | POC Details |
| 28 | Remote Code Execution exploit for Nostromo nhttpd ≤ 1.9.6. Exploits directory traversal vulnerability using URL-encoded CRLF characters to execute arbitrary commands | https://github.com/andknownmaly/CVE-2019-16278 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2019-16278
请登录查看更多情报信息。
- http://www.nazgul.ch/dev/nostromo_cl.txtx_refsource_MISC
- https://git.sp0re.sh/sp0re/Nhttpd-exploitsx_refsource_MISC
- https://sp0re.shx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2019-16278
Same Patch Batch · n/a · 2019-10-14 · 37 CVEs total
| CVE-2019-17539 | FFmpeg 代码问题漏洞 | |
| CVE-2019-9745 | CloudCTI HIP Integrator Recognition Configuration Tool 安全漏洞 | |
| CVE-2019-17575 | WBCE CMS 代码注入漏洞 | |
| CVE-2019-16344 | Sensorweb ScadaBR 跨站脚本漏洞 | |
| CVE-2019-17574 | WordPress Popup Maker插件安全漏洞 | |
| CVE-2019-17552 | idreamsoft iCMS SQL注入漏洞 | |
| CVE-2019-17553 | MetInfo SQL注入漏洞 | |
| CVE-2019-17408 | ZZZCMS zzzphp 输入验证错误漏洞 | |
| CVE-2019-17501 | Centreon 操作系统命令注入漏洞 | |
| CVE-2019-17579 | SonarSource SonarQube 跨站脚本漏洞 | |
| CVE-2019-17540 | ImageMagick Studio ImageMagick 缓冲区错误漏洞 | |
| CVE-2019-17542 | FFmpeg 输入验证错误漏洞 | |
| CVE-2019-17543 | LZ4 缓冲区错误漏洞 | |
| CVE-2019-17544 | GNU Aspell 缓冲区错误漏洞 | |
| CVE-2019-17545 | GDAL 资源管理错误漏洞 | |
| CVE-2019-17547 | ImageMagick Studio ImageMagick 资源管理错误漏洞 | |
| CVE-2019-17546 | Silicon Graphics LibTIFF 输入验证错误漏洞 | |
| CVE-2019-17541 | ImageMagick Studio ImageMagick 资源管理错误漏洞 | |
| CVE-2019-17044 | BMC Software Patrol Agent 安全漏洞 | |
| CVE-2019-17595 | ncurses 缓冲区错误漏洞 |
Showing top 20 of 37 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2019-16278
No comments yet