Directory Traversal Vulnerability in NGINX WebDAV Module
CVE-2009-3898

Currently unrated

Key Information:

Vendor: Nginx
Status: Nginx
Vendor: CVE Published:; 24 November 2009

What is CVE-2009-3898?

A directory traversal vulnerability in the NGINX WebDAV module allows remote authenticated users to exploit the .. (dot dot) sequence within the Destination HTTP header. This flaw enables authorized attackers to create or overwrite arbitrary files on the server when utilizing the COPY or MOVE methods of WebDAV. The problem exists in NGINX prior to version 0.7.63 and in the 0.8.x series before 0.8.17, which may lead to severe security breaches if not addressed.

References

http://marc.info/?l=oss-security&m=125897425223039&w=2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2009/11/23/10

mailing-listx_refsource_MLIST

http://marc.info/?l=oss-security&m=125897327321676&w=2

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2009
Vulnerability Reserved
Nov 5, 2009

Nginx

What is CVE-2009-3898?

References

Timeline