Sp0Re

**Name of the Vulnerable Software and Affected Versions** Nostromo nhttpd versions 1.9.6 and earlier **Description** The issue allows an attacker to achieve remote code execution via a crafted HTTP request due to a directory traversal vulnerability in the `http verify` function. This vulnerability is being actively exploited. **Recommendations** For versions 1.9.6 and earlier, update to a version that fixes the directory traversal vulnerability in the `http verify` function to prevent remote code execution. As a temporary workaround, consider restricting access to the `http verify` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** nostromo nhttpd versions 1.9.6 and earlier **Description** A memory error in the `SSL accept` function allows an attacker to trigger a denial of service via a crafted HTTP request. **Recommendations** For versions 1.9.6 and earlier, consider disabling the `SSL accept` function as a temporary workaround until a patch is available.