Back to search
CVE-2009-3898
Published: Nov 24, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20091123 Re: CVEs for nginx
mailing-list
x_refsource_MLIST
[oss-security] 20091123 Re: CVEs for nginx
mailing-list
x_refsource_MLIST
[oss-security] 20091123 Re: CVEs for nginx
mailing-list
x_refsource_MLIST
20090923 nginx - low risk webdav destination bug
mailing-list
x_refsource_FULLDISC
48577
third-party-advisory
x_refsource_SECUNIA
36818
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20091123 Re: CVEs for nginx
mailing-list
x_refsource_MLIST
[oss-security] 20091120 CVEs for nginx
mailing-list
x_refsource_MLIST
GLSA-201203-22
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now