Description
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by kingcope · textremotemultiple
https://www.exploit-db.com/exploits/9829
References (9)
Core 9
Core References
Patch mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125897425223039&w=2
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/23/10
Patch mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125897327321676&w=2
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48577
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36818
Patch mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=125900327409842&w=2
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/11/20/1
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201203-22.xml
Scores
EPSS
0.0108
EPSS Percentile
77.9%
Details
CWE
CWE-22
Status
published
Products (50)
f5/nginx
0.1.0
f5/nginx
0.1.1
f5/nginx
0.1.2
f5/nginx
0.1.3
f5/nginx
0.1.4
f5/nginx
0.1.5
f5/nginx
0.1.6
f5/nginx
0.1.7
f5/nginx
0.1.8
f5/nginx
0.1.9
... and 40 more
Published
Nov 24, 2009
Tracked Since
Feb 18, 2026