Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.9
CVSSv2

CVE-2009-3898

Published: 24/11/2009 Updated: 10/11/2021
CVSS v2 Base Score: 4.9 | Impact Score: 4.9 | Exploitability Score: 6.8
VMScore: 495
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Subscribe to Nginx

Vulnerability Summary

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) prior to 0.7.63, and 0.8.x prior to 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

f5 nginx 0.3.48

f5 nginx 0.3.11

f5 nginx 0.3.10

f5 nginx 0.2.6

f5 nginx 0.2.4

f5 nginx 0.1.45

f5 nginx 0.1.42

f5 nginx 0.1.37

f5 nginx 0.3.43

f5 nginx 0.3.35

f5 nginx 0.3.34

f5 nginx 0.3.26

f5 nginx 0.3.27

f5 nginx 0.3.18

f5 nginx 0.3.19

f5 nginx 0.3.20

f5 nginx 0.1.10

f5 nginx 0.1.9

f5 nginx 0.1.18

f5 nginx 0.1.17

f5 nginx 0.1.24

f5 nginx 0.1.25

f5 nginx 0.1.32

f5 nginx 0.1.33

f5 nginx 0.1.3

f5 nginx 0.4.11

f5 nginx 0.4.3

f5 nginx 0.4.2

f5 nginx 0.3.56

f5 nginx 0.3.57

f5 nginx 0.3.52

f5 nginx 0.3.53

f5 nginx 0.5.33

f5 nginx 0.5.32

f5 nginx 0.5.25

f5 nginx 0.5.24

f5 nginx 0.5.16

f5 nginx 0.5.17

f5 nginx 0.5.9

f5 nginx 0.3.9

f5 nginx 0.6.17

f5 nginx 0.6.14

f5 nginx 0.6.25

f5 nginx 0.6.22

f5 nginx 0.6.23

f5 nginx 0.5.37

f5 nginx 0.5.36

f5 nginx 0.6.35

f5 nginx 0.6.34

f5 nginx 0.7.39

f5 nginx 0.7.40

f5 nginx 0.7.47

f5 nginx 0.7.48

f5 nginx 0.7.24

f5 nginx 0.7.23

f5 nginx 0.7.31

f5 nginx 0.7.30

f5 nginx 0.8.7

f5 nginx 0.8.8

f5 nginx 0.8.15

f5 nginx 0.7.54

f5 nginx 0.7.61

f5 nginx 0.8.1

f5 nginx 0.6.8

f5 nginx 0.6.7

f5 nginx 0.7.12

f5 nginx 0.7.5

f5 nginx 0.7.13

f5 nginx 0.7.14

f5 nginx 0.7.0

f5 nginx

f5 nginx 0.3.47

f5 nginx 0.3.50

f5 nginx 0.3.2

f5 nginx 0.3.1

f5 nginx 0.2.3

f5 nginx 0.2.0

f5 nginx 0.1.41

f5 nginx 0.1.38

f5 nginx 0.3.39

f5 nginx 0.3.38

f5 nginx 0.3.31

f5 nginx 0.3.30

f5 nginx 0.3.22

f5 nginx 0.3.23

f5 nginx 0.3.15

f5 nginx 0.3.16

f5 nginx 0.1.6

f5 nginx 0.1.5

f5 nginx 0.1.14

f5 nginx 0.1.13

f5 nginx 0.1.20

f5 nginx 0.1.21

f5 nginx 0.1.28

f5 nginx 0.1.29

f5 nginx 0.4.8

f5 nginx 0.5.1

f5 nginx 0.5.0

f5 nginx 0.4.7

f5 nginx 0.4.6

f5 nginx 0.3.60

f5 nginx 0.3.61

f5 nginx 0.5.29

f5 nginx 0.5.28

f5 nginx 0.5.21

f5 nginx 0.5.20

f5 nginx 0.5.12

f5 nginx 0.5.13

f5 nginx 0.5.5

f5 nginx 0.5.6

f5 nginx 0.3.6

f5 nginx 0.6.18

f5 nginx 0.6.13

f5 nginx 0.6.26

f5 nginx 0.6.3

f5 nginx 0.6.2

f5 nginx 0.6.11

f5 nginx 0.6.10

f5 nginx 0.6.31

f5 nginx 0.6.30

f5 nginx 0.7.43

f5 nginx 0.7.44

f5 nginx 0.7.51

f5 nginx 0.7.52

f5 nginx 0.7.28

f5 nginx 0.7.27

f5 nginx 0.7.26

f5 nginx 0.7.35

f5 nginx 0.7.34

f5 nginx 0.8.11

f5 nginx 0.8.12

f5 nginx 0.7.55

f5 nginx 0.7.58

f5 nginx 0.7.57

f5 nginx 0.8.2

f5 nginx 0.8.5

f5 nginx 0.6.4

f5 nginx 0.7.9

f5 nginx 0.7.17

f5 nginx 0.7.18

f5 nginx 0.7.2

f5 nginx 0.7.1

f5 nginx 0.3.49

f5 nginx 0.3.46

f5 nginx 0.3.5

f5 nginx 0.3.4

f5 nginx 0.3.3

f5 nginx 0.2.5

f5 nginx 0.2.2

f5 nginx 0.1.43

f5 nginx 0.1.40

f5 nginx 0.3.42

f5 nginx 0.3.45

f5 nginx 0.3.44

f5 nginx 0.3.37

f5 nginx 0.3.36

f5 nginx 0.3.28

f5 nginx 0.3.29

f5 nginx 0.3.21

f5 nginx 0.3.14

f5 nginx 0.1.8

f5 nginx 0.1.7

f5 nginx 0.1.16

f5 nginx 0.1.15

f5 nginx 0.1.22

f5 nginx 0.1.23

f5 nginx 0.1.30

f5 nginx 0.1.31

f5 nginx 0.4.10

f5 nginx 0.4.9

f5 nginx 0.4.1

f5 nginx 0.4.0

f5 nginx 0.3.54

f5 nginx 0.3.55

f5 nginx 0.3.51

f5 nginx 0.5.27

f5 nginx 0.5.26

f5 nginx 0.5.19

f5 nginx 0.5.18

f5 nginx 0.5.10

f5 nginx 0.5.11

f5 nginx 0.5.2

f5 nginx 0.5.3

f5 nginx 0.5.4

f5 nginx 0.3.8

f5 nginx 0.3.7

f5 nginx 0.6.15

f5 nginx 0.6.12

f5 nginx 0.6.20

f5 nginx 0.6.21

f5 nginx 0.5.35

f5 nginx 0.5.34

f5 nginx 0.6.29

f5 nginx 0.6.28

f5 nginx 0.7.37

f5 nginx 0.7.38

f5 nginx 0.7.45

f5 nginx 0.7.46

f5 nginx 0.7.22

f5 nginx 0.7.21

f5 nginx 0.7.29

f5 nginx 0.7.36

f5 nginx 0.8.9

f5 nginx 0.8.10

f5 nginx 0.7.53

f5 nginx 0.7.56

f5 nginx 0.8.0

f5 nginx 0.8.3

f5 nginx 0.6.6

f5 nginx 0.6.5

f5 nginx 0.7.6

f5 nginx 0.7.7

f5 nginx 0.7.8

f5 nginx 0.7.15

f5 nginx 0.7.16

f5 nginx 0.3.13

f5 nginx 0.3.12

f5 nginx 0.3.0

f5 nginx 0.1.0

f5 nginx 0.2.1

f5 nginx 0.1.44

f5 nginx 0.1.39

f5 nginx 0.1.36

f5 nginx 0.3.41

f5 nginx 0.3.40

f5 nginx 0.3.33

f5 nginx 0.3.32

f5 nginx 0.3.24

f5 nginx 0.3.25

f5 nginx 0.3.17

f5 nginx 0.1.11

f5 nginx 0.1.4

f5 nginx 0.1.19

f5 nginx 0.1.12

f5 nginx 0.1.26

f5 nginx 0.1.27

f5 nginx 0.1.34

f5 nginx 0.1.35

f5 nginx 0.1.1

f5 nginx 0.1.2

f5 nginx 0.4.13

f5 nginx 0.4.12

f5 nginx 0.4.5

f5 nginx 0.4.4

f5 nginx 0.3.58

f5 nginx 0.3.59

f5 nginx 0.5.31

f5 nginx 0.5.30

f5 nginx 0.5.23

f5 nginx 0.5.22

f5 nginx 0.5.14

f5 nginx 0.5.15

f5 nginx 0.5.7

f5 nginx 0.5.8

f5 nginx 0.6.19

nginx nginx 0.6.1516

f5 nginx 0.6.27

f5 nginx 0.6.24

f5 nginx 0.6.1

f5 nginx 0.6.0

f5 nginx 0.6.33

f5 nginx 0.6.32

f5 nginx 0.6.37

f5 nginx 0.6.36

f5 nginx 0.6.38

f5 nginx 0.7.41

f5 nginx 0.7.42

f5 nginx 0.7.49

f5 nginx 0.7.50

f5 nginx 0.7.25

f5 nginx 0.7.32

f5 nginx 0.7.33

f5 nginx 0.8.6

f5 nginx 0.8.13

f5 nginx 0.8.14

f5 nginx 0.7.60

f5 nginx 0.7.59

f5 nginx 0.8.4

f5 nginx 0.6.9

f5 nginx 0.7.10

f5 nginx 0.7.11

f5 nginx 0.7.19

f5 nginx 0.7.20

f5 nginx 0.7.4

f5 nginx 0.7.3

Exploits

Exploit DB: Nginx 0.7.61 - WebDAV Directory Traversal
Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0761 - other versions may also be affected Website: sysoevru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and the user has to have permission to use the COPY or MOVE methods Description: nginx ("E ...

References

CWE-22http://www.openwall.com/lists/oss-security/2009/11/23/10http://marc.info/?l=oss-security&m=125897327321676&w=2http://marc.info/?l=oss-security&m=125900327409842&w=2http://marc.info/?l=oss-security&m=125897425223039&w=2http://www.openwall.com/lists/oss-security/2009/11/20/1http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.htmlhttp://secunia.com/advisories/36818http://security.gentoo.org/glsa/glsa-201203-22.xmlhttp://secunia.com/advisories/48577https://nvd.nist.govhttps://www.exploit-db.com/exploits/9829/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook