[NGINX:CVE-2009-3898] Directory traversal vulnerability
Severity
Minor
Affected Packages
1
Unaffected Packages
2
CVEs
1
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
| Package | Affected Version |
|---|---|
 pkg:nginx/nginx
|
>= 0.1.0, <= 0.8.16 |
| Package | Unaffected Version |
|---|---|
|
pkg:nginx/nginx
|
>= 0.8.17 |
|
pkg:nginx/nginx
|
>= 0.7.63 |
- ID
- NGINX:CVE-2009-3898
- Severity
- minor
- Published
-
2009-11-24T17:30:00
(15 years ago) - Modified
-
2009-11-24T17:30:00
(15 years ago) - Rights
- NGINX Security Team
- Other Advisories
GLSA-201203-22| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |