NVD

Id
51063  
Name
CVE-2009-3898  
Description
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.  
Reject
 
CVSS Version
2  
CVSS Score
4.9  
Severity
Medium  
CVSS Base Score
4.9  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
6.8  
CVSS Vector
(AV:N/AC:M/Au:S/C:P/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-11-24  
Modified Date
2012-06-08  
Seq
2009-3898  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
258785 51063 CVE-2009-3898 20090923 nginx - low risk webdav destination bug  View
258786 51063 CVE-2009-3898 [oss-security] 20091123 Re: CVEs for nginx  View
258787 51063 CVE-2009-3898 [oss-security] 20091123 Re: CVEs for nginx  View
258788 51063 CVE-2009-3898 [oss-security] 20091123 Re: CVEs for nginx  View
258789 51063 CVE-2009-3898 GLSA-201203-22  View
258790 51063 CVE-2009-3898 [oss-security] 20091120 CVEs for nginx  View
258791 51063 CVE-2009-3898 [oss-security] 20091123 Re: CVEs for nginx  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
44101 JVNDB-2009-005108 nginx の src/http/modules/ngx_http_dav_module.c におけるディレクトリトラバーサルの脆弱性 nginx の src/http/modules/ngx_http_dav_module.c には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2009-3898 41329 CVE-2009-3898 51063 4.9 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005108.html 2009-11-24 2012-09-25 View