Description

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

Remediation

References

CVE-2009-3898

Related Vulnerabilities

Dolibarr Improper Input Validation Vulnerability (CVE-2013-2093)

WordPress Plugin WP Open Social Cross-Site Scripting (5.0)

MySQL CVE-2018-3061 Vulnerability (CVE-2018-3061)

Zope Web Application Server Other Vulnerability (CVE-2010-3198)

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.2)

Severity

Medium

Classification

CVE-2009-3898 CWE-22

Tags

Missing Update Known Vulnerabilities