CVE-2021-34820
Description
Web Path Directory Traversal in the Novus HTTP Server. The Novus HTTP Server is affected by the Directory Traversal for Arbitrary File Access vulnerability. A remote, unauthenticated attacker using an HTTP GET request may be able to exploit this issue to access sensitive data. The issue was discovered in the NMS (Novus Management System) software through 1.51.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated directory traversal in Novus HTTP Server (NMS ≤1.51.2) allows remote attackers to read arbitrary files via crafted HTTP GET requests.
Vulnerability
The Novus HTTP Server, which is part of the Novus Management System (NMS) software through version 1.51.2, is affected by a web path directory traversal vulnerability [1]. A remote, unauthenticated attacker can exploit this issue by sending a crafted HTTP GET request to traverse directories and access arbitrary files on the server [1].
Exploitation
An attacker with network access to the Novus HTTP Server can send a specially crafted HTTP GET request containing path traversal sequences (e.g., ../) to read files outside the web root directory [1]. No authentication is required to exploit this vulnerability [1].
Impact
Successful exploitation allows the attacker to read sensitive data from the server, such as configuration files, credentials, or other confidential information [1]. This constitutes a disclosure of confidential information (Confidentiality impact) [1].
Mitigation
A fix is not explicitly mentioned in the available reference [1]. The issue affects NMS software through version 1.51.2 [1]. Users should monitor vendor advisories for a patched version or apply network-level controls (e.g., web application firewall rules) to block path traversal patterns [1].
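As an interim detection aid for the traversal pattern described above, the following added example (not vendor code and not part of the referenced advisories) flags GET requests whose path climbs above the web root. It goes slightly beyond the literal `../` case by percent-decoding first. The access-log format (Common Log Format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed log format: Common Log Format, request field "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
PCT_RE = re.compile(r"%([0-9A-Fa-f]{2})")


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is seen in final form."""
    for _ in range(max_rounds):
        decoded = PCT_RE.sub(lambda m: chr(int(m.group(1), 16)), value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_web_root(target):
    """True if the decoded request path steps above the web root at any point."""
    path = fully_decode(target.split("?", 1)[0]).replace("\\", "/")
    depth = 0
    for segment in path.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:  # more ".." than directories entered so far
                return True
        else:
            depth += 1
    return False


def flag_traversal(log_lines):
    """Return the log lines whose GET target escapes the web root."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and m.group("method") == "GET" and escapes_web_root(m.group("target")):
            hits.append(line)
    return hits


# Constructed sample lines (documentation IPs, placeholder file name).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2021:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jul/2021:10:00:05 +0000] "GET /../../placeholder.conf HTTP/1.1" 200 96',
    '192.0.2.11 - - [01/Jul/2021:10:00:06 +0000] "GET /img/%2e%2e/%2e%2e/placeholder.conf HTTP/1.1" 200 96',
    '192.0.2.12 - - [01/Jul/2021:10:00:09 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
]
```

A flagged request that returned status 200 is the one to triage first, since it suggests a file outside the web root was actually served.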
Not yet disclosed in the available references.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Novus/Novus HTTP Server (source: description)
- Range: <=1.51.2
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- packetstormsecurity.com/files/163453/Novus-Management-System-Directory-Traversal-Cross-Site-Scripting.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2021/Jul/20 (mitre, mailing-list, x_refsource_FULLDISC)
News mentions
No linked articles in our index yet.