## Nostromo nhttpd RCE (CVE-2019-16278)

|   **Vulnerability**  | **Nostromo nhttpd RCE (CVE-2019-16278)**  |
| :----:   | :-----|
|  **Chinese name**  | Nostromo nhttpd远程代码执行漏洞（CVE-2019-16278） |
| **CVSS core**  | 9.8 |
| **FOFA Query**  (click to view the results directly)| [(header=\"Server: nostromo\" \|\| banner=\"Server: nostromo \")](https://en.fofa.info/result?qbase64=KGhlYWRlcj0iU2VydmVyOiBub3N0cm9tbyIgfHwgYmFubmVyPSJTZXJ2ZXI6IG5vc3Ryb21vICIp) |
| **Number of assets affected**  | 3737 |
| **Description**  | Directory Traversal in the function http_verify in nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via a crafted HTTP request. |
| **Impact** | Nostromo nhttpd RCE (CVE-2019-16278) |

![](https://s3.bmp.ovh/imgs/2023/04/21/5cc3d5eeb458b766.gif)