CVE-2019-11013
published 2019-08-22CVE-2019-11013: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file…
PriorityP356medium6.5CVSS 3.0
AVNACLPRLUINSUCHINAN
EXPLOIT
EPSS
23.98%
97.6th percentile
Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softvelum | nimble_streamer | 3.0.2-2 – 3.5.4-9 | — |
Detection & IOCsextracted from sources · hover to see the quote
yara↗
regex: root:[x*]:0:0
- →Look for HTTP GET requests containing path traversal sequences (../../../../) combined with a null-byte (%00) and a .mp4 extension followed by /chunk.m3u8 in the URI, targeting the /demo/file/ endpoint of Nimble Streamer. ↗
- →A successful exploitation response will return HTTP 200 and contain the string matching 'root:[x*]:0:0' (i.e., /etc/passwd content), indicating local file read via directory traversal. ↗
- →Monitor for the query parameter 'nimblesessionid' appearing in requests to traversal-style paths, as it is part of the exploit URL pattern for this CVE. ↗
- ·The null-byte injection (%00) is used to truncate the filename extension check — this technique may only be effective on specific OS/runtime configurations where null-byte truncation in file paths is supported. ↗
- ·Affected versions are strictly 3.0.2-2 through 3.5.4-9; the exploit was tested on version 3.5.4-9 specifically. ↗
CVSS provenance
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
exploitdb·2019-08-23·CVSS 6.5
CVE-2019-11013 [MEDIUM] Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
---
# Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
# Exploit Author: MAYASEVEN
# Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
# Published on 08/04/2019
# Vendor Homepage at "https://wmspanel.com/nimble"
# Affected Version 3.0.2-2 to 3.5.4-9
# Tested on 3.5.4-9
# CVE-2019-11013 Nimble Streamer 3.0.2-2 to 3.5.4-9 Path Traversal
# Description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability.
# Successful exploitation could allow an attacker to traverse the file system to access
# files or directories that are outside of the restricted directory on the remote server.
POC :
- http://somesite.com/demo/file/../../../../../../../../et
Nuclei
Nimble Streamer <=3.5.4-9 - Local File Inclusion
nuclei·CVSS 6.5
CVE-2019-11013 [MEDIUM] Nimble Streamer <=3.5.4-9 - Local File Inclusion
Nimble Streamer <=3.5.4-9 - Local File Inclusion
Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
Template:
id: CVE-2019-11013
info:
name: Nimble Streamer <=3.5.4-9 - Local File Inclusion
author: 0x_Akoko
severity: medium
description: Nimble Streamer 3.0.2-2 through 3.5.4-9 is vulnerable to local file inclusion. An attacker can traverse the file system to access files or directories that are outside of the restricted directory on the remote server.
impact: |
The LFI vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and further exploitation of the system.
remediation: |
Upgrade Nim
No writeups or analysis indexed.
http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.htmlhttps://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/http://packetstormsecurity.com/files/154196/Nimble-Streamer-3.x-Directory-Traversal.htmlhttps://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/
2019-08-22
Published