Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Nginx Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2009-3898 - Vulnerability Database
Nginx

Nginx Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability - CVE-2009-3898

Medium
Reference: CVE-2009-3898
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-3898
Title: Nginx Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Overview:

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63 and 0.8.x before 0.8.17 allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.