VDB
CVE-2009-3898
CVE-2009-3898
PUBLISHED
CVSS 4.900000095367432 MEDIUM
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
EPSS 1.08% · 78.2th percentile
Risk Scores
CVSS 2.0
4.900000095367432
EPSS Score
1.08%
78.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| nginx | nginx | 0.6.1516 |
| f5 | nginx | 0.1.0, 0.1.1, 0.1.2 |
Timeline
- Sep 23, 2009 PoC Published
- Nov 24, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- [oss-security] 20091123 Re: CVEs for nginx mailing-list
- [oss-security] 20091123 Re: CVEs for nginx mailing-list
- [oss-security] 20091123 Re: CVEs for nginx mailing-list
- 20090923 nginx - low risk webdav destination bug mailing-list
- 48577 third-party-advisory
- 36818 third-party-advisory
- [oss-security] 20091123 Re: CVEs for nginx mailing-list
- [oss-security] 20091120 CVEs for nginx mailing-list
- GLSA-201203-22 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-3898 advisory