CVE-2009-3898

2009-11-2417:30:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2009-3898

directory traversal

nginx

engine x

vulnerability

web server

nvd

http

webdav

6.2 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.7%

JSON

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a … (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

CPENameOperatorVersion
nginx:nginxnginxeq0.6.1516
f5:nginxf5 nginxeq0.1.0
f5:nginxf5 nginxeq0.1.1
f5:nginxf5 nginxeq0.1.8
f5:nginxf5 nginxeq0.1.9
f5:nginxf5 nginxeq0.1.6
f5:nginxf5 nginxeq0.1.7
f5:nginxf5 nginxeq0.1.4
f5:nginxf5 nginxeq0.1.5
f5:nginxf5 nginxeq0.1.2

CPE	Name	Operator	Version
nginx:nginx	nginx	eq	0.6.1516
f5:nginx	f5 nginx	eq	0.1.0
f5:nginx	f5 nginx	eq	0.1.1
f5:nginx	f5 nginx	eq	0.1.8
f5:nginx	f5 nginx	eq	0.1.9
f5:nginx	f5 nginx	eq	0.1.6
f5:nginx	f5 nginx	eq	0.1.7
f5:nginx	f5 nginx	eq	0.1.4
f5:nginx	f5 nginx	eq	0.1.5
f5:nginx	f5 nginx	eq	0.1.2