Summary
The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory.
These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected.
Classification
- CVE: CVE-2009-3898
- CVSS Base Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Related Vulnerabilities
- IBM WebSphere Application Server Administration Console DoS vulnerability
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- IBM HTTP Server Multiple Cross Site Scripting Vulnerabilities
- LiteSpeed Web Server Source Code Information Disclosure Vulnerability
- AOLServer Terminal Escape Sequence in Logs Command Injection Vulnerability