Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3898

Overview

Vulnerability Score 4.9 4.9
CVE Id CVE-2009-3898
Last Modified 08 Jun 2012 11:14:52
Published 24 Nov 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2009-3898

Summary

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

Vulnerable Systems

Application

  • Nginx 0.1.0

  • Nginx 0.1.1

  • Nginx 0.1.10

  • Nginx 0.1.11

  • Nginx 0.1.12

  • Nginx 0.1.13

  • Nginx 0.1.14

  • Nginx 0.1.15

  • Nginx 0.1.16

  • Nginx 0.1.17

  • Nginx 0.1.18

  • Nginx 0.1.19

  • Nginx 0.1.2

  • Nginx 0.1.20

  • Nginx 0.1.21

  • Nginx 0.1.22

  • Nginx 0.1.23

  • Nginx 0.1.24

  • Nginx 0.1.25

  • Nginx 0.1.26

  • Nginx 0.1.27

  • Nginx 0.1.28

  • Nginx 0.1.29

  • Nginx 0.1.3

  • Nginx 0.1.30

  • Nginx 0.1.31

  • Nginx 0.1.32

  • Nginx 0.1.33

  • Nginx 0.1.34

  • Nginx 0.1.35

  • Nginx 0.1.36

  • Nginx 0.1.37

  • Nginx 0.1.38

  • Nginx 0.1.39

  • Nginx 0.1.4

  • Nginx 0.1.40

  • Nginx 0.1.41

  • Nginx 0.1.42

  • Nginx 0.1.43

  • Nginx 0.1.44

  • Nginx 0.1.45

  • Nginx 0.1.5

  • Nginx 0.1.6

  • Nginx 0.1.7

  • Nginx 0.1.8

  • Nginx 0.1.9

  • Nginx 0.2.0

  • Nginx 0.2.1

  • Nginx 0.2.2

  • Nginx 0.2.3

  • Nginx 0.2.4

  • Nginx 0.2.5

  • Nginx 0.2.6

  • Nginx 0.3.0

  • Nginx 0.3.1

  • Nginx 0.3.10

  • Nginx 0.3.11

  • Nginx 0.3.12

  • Nginx 0.3.13

  • Nginx 0.3.14

  • Nginx 0.3.15

  • Nginx 0.3.16

  • Nginx 0.3.17

  • Nginx 0.3.18

  • Nginx 0.3.19

  • Nginx 0.3.2

  • Nginx 0.3.20

  • Nginx 0.3.21

  • Nginx 0.3.22

  • Nginx 0.3.23

  • Nginx 0.3.24

  • Nginx 0.3.25

  • Nginx 0.3.26

  • Nginx 0.3.27

  • Nginx 0.3.28

  • Nginx 0.3.29

  • Nginx 0.3.3

  • Nginx 0.3.30

  • Nginx 0.3.31

  • Nginx 0.3.32

  • Nginx 0.3.33

  • Nginx 0.3.34

  • Nginx 0.3.35

  • Nginx 0.3.36

  • Nginx 0.3.37

  • Nginx 0.3.38

  • Nginx 0.3.39

  • Nginx 0.3.4

  • Nginx 0.3.40

  • Nginx 0.3.41

  • Nginx 0.3.42

  • Nginx 0.3.43

  • Nginx 0.3.44

  • Nginx 0.3.45

  • Nginx 0.3.46

  • Nginx 0.3.47

  • Nginx 0.3.48

  • Nginx 0.3.49

  • Nginx 0.3.5

  • Nginx 0.3.50

  • Nginx 0.3.51

  • Nginx 0.3.52

  • Nginx 0.3.53

  • Nginx 0.3.54

  • Nginx 0.3.55

  • Nginx 0.3.56

  • Nginx 0.3.57

  • Nginx 0.3.58

  • Nginx 0.3.59

  • Nginx 0.3.6

  • Nginx 0.3.60

  • Nginx 0.3.61

  • Nginx 0.3.7

  • Nginx 0.3.8

  • Nginx 0.3.9

  • Nginx 0.4.0

  • Nginx 0.4.1

  • Nginx 0.4.10

  • Nginx 0.4.11

  • Nginx 0.4.12

  • Nginx 0.4.13

  • Nginx 0.4.2

  • Nginx 0.4.3

  • Nginx 0.4.4

  • Nginx 0.4.5

  • Nginx 0.4.6

  • Nginx 0.4.7

  • Nginx 0.4.8

  • Nginx 0.4.9

  • Nginx 0.5.0

  • Nginx 0.5.1

  • Nginx 0.5.10

  • Nginx 0.5.11

  • Nginx 0.5.12

  • Nginx 0.5.13

  • Nginx 0.5.14

  • Nginx 0.5.15

  • Nginx 0.5.16

  • Nginx 0.5.17

  • Nginx 0.5.18

  • Nginx 0.5.19

  • Nginx 0.5.2

  • Nginx 0.5.20

  • Nginx 0.5.21

  • Nginx 0.5.22

  • Nginx 0.5.23

  • Nginx 0.5.24

  • Nginx 0.5.25

  • Nginx 0.5.26

  • Nginx 0.5.27

  • Nginx 0.5.28

  • Nginx 0.5.29

  • Nginx 0.5.3

  • Nginx 0.5.30

  • Nginx 0.5.31

  • Nginx 0.5.32

  • Nginx 0.5.33

  • Nginx 0.5.34

  • Nginx 0.5.35

  • Nginx 0.5.36

  • Nginx 0.5.37

  • Nginx 0.5.4

  • Nginx 0.5.5

  • Nginx 0.5.6

  • Nginx 0.5.7

  • Nginx 0.5.8

  • Nginx 0.5.9

  • Nginx 0.6.0

  • Nginx 0.6.1

  • Nginx 0.6.10

  • Nginx 0.6.11

  • Nginx 0.6.12

  • Nginx 0.6.13

  • Nginx 0.6.14

  • Nginx 0.6.15

  • Nginx 0.6.1516

  • Nginx 0.6.17

  • Nginx 0.6.18

  • Nginx 0.6.19

  • Nginx 0.6.2

  • Nginx 0.6.20

  • Nginx 0.6.21

  • Nginx 0.6.22

  • Nginx 0.6.23

  • Nginx 0.6.24

  • Nginx 0.6.25

  • Nginx 0.6.26

  • Nginx 0.6.27

  • Nginx 0.6.28

  • Nginx 0.6.29

  • Nginx 0.6.3

  • Nginx 0.6.30

  • Nginx 0.6.31

  • Nginx 0.6.32

  • Nginx 0.6.33

  • Nginx 0.6.34

  • Nginx 0.6.35

  • Nginx 0.6.36

  • Nginx 0.6.37

  • Nginx 0.6.38

  • Nginx 0.6.4

  • Nginx 0.6.5

  • Nginx 0.6.6

  • Nginx 0.6.7

  • Nginx 0.6.8

  • Nginx 0.6.9

  • Nginx 0.7.0

  • Nginx 0.7.1

  • Nginx 0.7.10

  • Nginx 0.7.11

  • Nginx 0.7.12

  • Nginx 0.7.13

  • Nginx 0.7.14

  • Nginx 0.7.15

  • Nginx 0.7.16

  • Nginx 0.7.17

  • Nginx 0.7.18

  • Nginx 0.7.19

  • Nginx 0.7.2

  • Nginx 0.7.20

  • Nginx 0.7.21

  • Nginx 0.7.22

  • Nginx 0.7.23

  • Nginx 0.7.24

  • Nginx 0.7.25

  • Nginx 0.7.26

  • Nginx 0.7.27

  • Nginx 0.7.28

  • Nginx 0.7.29

  • Nginx 0.7.3

  • Nginx 0.7.30

  • Nginx 0.7.31

  • Nginx 0.7.32

  • Nginx 0.7.33

  • Nginx 0.7.34

  • Nginx 0.7.35

  • Nginx 0.7.36

  • Nginx 0.7.37

  • Nginx 0.7.38

  • Nginx 0.7.39

  • Nginx 0.7.4

  • Nginx 0.7.40

  • Nginx 0.7.41

  • Nginx 0.7.42

  • Nginx 0.7.43

  • Nginx 0.7.44

  • Nginx 0.7.45

  • Nginx 0.7.46

  • Nginx 0.7.47

  • Nginx 0.7.48

  • Nginx 0.7.49

  • Nginx 0.7.5

  • Nginx 0.7.50

  • Nginx 0.7.51

  • Nginx 0.7.52

  • Nginx 0.7.53

  • Nginx 0.7.54

  • Nginx 0.7.55

  • Nginx 0.7.56

  • Nginx 0.7.57

  • Nginx 0.7.58

  • Nginx 0.7.59

  • Nginx 0.7.6

  • Nginx 0.7.60

  • Nginx 0.7.61

  • Nginx 0.7.62

  • Nginx 0.7.7

  • Nginx 0.7.8

  • Nginx 0.7.9

  • Nginx 0.8.0

  • Nginx 0.8.1

  • Nginx 0.8.10

  • Nginx 0.8.11

  • Nginx 0.8.12

  • Nginx 0.8.13

  • Nginx 0.8.14

  • Nginx 0.8.15

  • Nginx 0.8.2

  • Nginx 0.8.3

  • Nginx 0.8.4

  • Nginx 0.8.5

  • Nginx 0.8.6

  • Nginx 0.8.7

  • Nginx 0.8.8

  • Nginx 0.8.9


References

MLIST - [oss-security] 20091123 Re: CVEs for nginx

MLIST - [oss-security] 20091120 CVEs for nginx

SECUNIA - 36818

FULLDISC - 20090923 nginx - low risk webdav destination bug

GENTOO - GLSA-201203-22

SECUNIA - 48577


Last Updated: 27 May 2016 10:56:30