CVE-2009-3898

Metadata

CVE-2009-3898
4.9
archives.neohapsis.com, marc.info, marc.info, marc.info, security.gentoo.org, openwall.com, openwall.com
2009-11-24
2017-06-06 20:21

Description

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

Related Vulnerabilities

platform vulnerability
CVE-2009-3898 nginx
CVE-2009-3898