Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-3898. PoCs published by kingcope.
AI-analyzed exploit summary
The document describes a directory traversal vulnerability in nginx's WebDAV module (CVE-2009-3898), where the COPY or MOVE methods can be abused via a malformed 'Destination' header to place files outside the webroot. It includes a sample HTTP request demonstrating the exploit but does not provide functional code.
Description
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.