cbcvebase.
CVE-2019-11013
published 2019-08-22

CVE-2019-11013: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file…

PriorityP356medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
23.98%
97.6th percentile
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

Affected

1 ranges
VendorProductVersion rangeFixed in
softvelumnimble_streamer3.0.2-2 – 3.5.4-9

Detection & IOCsextracted from sources · hover to see the quote

url/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448
path/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8
yara
regex: root:[x*]:0:0
  • Look for HTTP GET requests containing path traversal sequences (../../../../) combined with a null-byte (%00) and a .mp4 extension followed by /chunk.m3u8 in the URI, targeting the /demo/file/ endpoint of Nimble Streamer.
  • A successful exploitation response will return HTTP 200 and contain the string matching 'root:[x*]:0:0' (i.e., /etc/passwd content), indicating local file read via directory traversal.
  • Monitor for the query parameter 'nimblesessionid' appearing in requests to traversal-style paths, as it is part of the exploit URL pattern for this CVE.
  • ·The null-byte injection (%00) is used to truncate the filename extension check — this technique may only be effective on specific OS/runtime configurations where null-byte truncation in file paths is supported.
  • ·Affected versions are strictly 3.0.2-2 through 3.5.4-9; the exploit was tested on version 3.5.4-9 specifically.

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.