CVE-2009-3898 : Détail

CVE-2009-3898

Directory Traversal
A01-Broken Access Control
0.44%V3
Network
2009-11-24
16h00 +00:00
2012-06-09
07h00 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Informations sur l'Exploit

Exploit Database EDB-ID : 9829

Date de publication : 2009-09-22 22h00 +00:00
Auteur : kingcope
EDB Vérifié : Yes

Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected Website: http://sysoev.ru/nginx/ Severity: Low Date discovered: 23 September 2009 The webdav component has to be enabled and the user has to have permission to use the COPY or MOVE methods. Description: nginx ("Engine X", written by Igor Sysoev) has the ability to be used as a webdav publishing server. With webdav you can for example copy or move files from one to a different location. The move and copy methods require a "Destination:" HTTP header. The destination header contains information about where the file should be placed. By using characters like "../" the attacker can traverse down the directory tree and place files outside the webroot. This is an insecure behaviour of the nginx webdav module and can be especially dangerous when nginx is used in a virtual hosting environment. nginx runs as the user nobody per default so normally this bug is not a big deal since an attacker may only be allowed to write files to /tmp/ or nobody owned directories. The severity is low because this attack requires webdav "upload" permissions. Here is a sample request for the bug: COPY /index.html HTTP/1.1 Host: localhost Destination: http://localhost/../../../../../../../tmp/nginx.html Thanks for your time, Kingcope - [email protected]

Products Mentioned

Configuraton 0

F5>>Nginx >> Version To (including) 0.7.62

F5>>Nginx >> Version 0.1.0

F5>>Nginx >> Version 0.1.1

F5>>Nginx >> Version 0.1.2

F5>>Nginx >> Version 0.1.3

F5>>Nginx >> Version 0.1.4

F5>>Nginx >> Version 0.1.5

F5>>Nginx >> Version 0.1.6

F5>>Nginx >> Version 0.1.7

F5>>Nginx >> Version 0.1.8

F5>>Nginx >> Version 0.1.9

F5>>Nginx >> Version 0.1.10

F5>>Nginx >> Version 0.1.11

F5>>Nginx >> Version 0.1.12

F5>>Nginx >> Version 0.1.13

F5>>Nginx >> Version 0.1.14

F5>>Nginx >> Version 0.1.15

F5>>Nginx >> Version 0.1.16

F5>>Nginx >> Version 0.1.17

F5>>Nginx >> Version 0.1.18

F5>>Nginx >> Version 0.1.19

F5>>Nginx >> Version 0.1.20

F5>>Nginx >> Version 0.1.21

F5>>Nginx >> Version 0.1.22

F5>>Nginx >> Version 0.1.23

F5>>Nginx >> Version 0.1.24

F5>>Nginx >> Version 0.1.25

F5>>Nginx >> Version 0.1.26

F5>>Nginx >> Version 0.1.27

F5>>Nginx >> Version 0.1.28

F5>>Nginx >> Version 0.1.29

F5>>Nginx >> Version 0.1.30

F5>>Nginx >> Version 0.1.31

F5>>Nginx >> Version 0.1.32

F5>>Nginx >> Version 0.1.33

F5>>Nginx >> Version 0.1.34

F5>>Nginx >> Version 0.1.35

F5>>Nginx >> Version 0.1.36

F5>>Nginx >> Version 0.1.37

F5>>Nginx >> Version 0.1.38

F5>>Nginx >> Version 0.1.39

F5>>Nginx >> Version 0.1.40

F5>>Nginx >> Version 0.1.41

F5>>Nginx >> Version 0.1.42

F5>>Nginx >> Version 0.1.43

F5>>Nginx >> Version 0.1.44

F5>>Nginx >> Version 0.1.45

F5>>Nginx >> Version 0.2.0

F5>>Nginx >> Version 0.2.1

F5>>Nginx >> Version 0.2.2

F5>>Nginx >> Version 0.2.3

F5>>Nginx >> Version 0.2.4

F5>>Nginx >> Version 0.2.5

F5>>Nginx >> Version 0.2.6

F5>>Nginx >> Version 0.3.0

F5>>Nginx >> Version 0.3.1

F5>>Nginx >> Version 0.3.2

F5>>Nginx >> Version 0.3.3

F5>>Nginx >> Version 0.3.4

F5>>Nginx >> Version 0.3.5

F5>>Nginx >> Version 0.3.6

F5>>Nginx >> Version 0.3.7

F5>>Nginx >> Version 0.3.8

F5>>Nginx >> Version 0.3.9

F5>>Nginx >> Version 0.3.10

F5>>Nginx >> Version 0.3.11

F5>>Nginx >> Version 0.3.12

F5>>Nginx >> Version 0.3.13

F5>>Nginx >> Version 0.3.14

F5>>Nginx >> Version 0.3.15

F5>>Nginx >> Version 0.3.16

F5>>Nginx >> Version 0.3.17

F5>>Nginx >> Version 0.3.18

F5>>Nginx >> Version 0.3.19

F5>>Nginx >> Version 0.3.20

F5>>Nginx >> Version 0.3.21

F5>>Nginx >> Version 0.3.22

F5>>Nginx >> Version 0.3.23

F5>>Nginx >> Version 0.3.24

F5>>Nginx >> Version 0.3.25

F5>>Nginx >> Version 0.3.26

F5>>Nginx >> Version 0.3.27

F5>>Nginx >> Version 0.3.28

F5>>Nginx >> Version 0.3.29

F5>>Nginx >> Version 0.3.30

F5>>Nginx >> Version 0.3.31

F5>>Nginx >> Version 0.3.32

F5>>Nginx >> Version 0.3.33

F5>>Nginx >> Version 0.3.34

F5>>Nginx >> Version 0.3.35

F5>>Nginx >> Version 0.3.36

F5>>Nginx >> Version 0.3.37

F5>>Nginx >> Version 0.3.38

F5>>Nginx >> Version 0.3.39

F5>>Nginx >> Version 0.3.40

F5>>Nginx >> Version 0.3.41

F5>>Nginx >> Version 0.3.42

F5>>Nginx >> Version 0.3.43

F5>>Nginx >> Version 0.3.44

F5>>Nginx >> Version 0.3.45

F5>>Nginx >> Version 0.3.46

F5>>Nginx >> Version 0.3.47

F5>>Nginx >> Version 0.3.48

F5>>Nginx >> Version 0.3.49

F5>>Nginx >> Version 0.3.50

F5>>Nginx >> Version 0.3.51

F5>>Nginx >> Version 0.3.52

F5>>Nginx >> Version 0.3.53

F5>>Nginx >> Version 0.3.54

F5>>Nginx >> Version 0.3.55

F5>>Nginx >> Version 0.3.56

F5>>Nginx >> Version 0.3.57

F5>>Nginx >> Version 0.3.58

F5>>Nginx >> Version 0.3.59

F5>>Nginx >> Version 0.3.60

F5>>Nginx >> Version 0.3.61

F5>>Nginx >> Version 0.4.0

F5>>Nginx >> Version 0.4.1

F5>>Nginx >> Version 0.4.2

F5>>Nginx >> Version 0.4.3

F5>>Nginx >> Version 0.4.4

F5>>Nginx >> Version 0.4.5

F5>>Nginx >> Version 0.4.6

F5>>Nginx >> Version 0.4.7

F5>>Nginx >> Version 0.4.8

F5>>Nginx >> Version 0.4.9

F5>>Nginx >> Version 0.4.10

F5>>Nginx >> Version 0.4.11

F5>>Nginx >> Version 0.4.12

F5>>Nginx >> Version 0.4.13

F5>>Nginx >> Version 0.5.0

F5>>Nginx >> Version 0.5.1

F5>>Nginx >> Version 0.5.2

F5>>Nginx >> Version 0.5.3

F5>>Nginx >> Version 0.5.4

F5>>Nginx >> Version 0.5.5

F5>>Nginx >> Version 0.5.6

F5>>Nginx >> Version 0.5.7

F5>>Nginx >> Version 0.5.8

F5>>Nginx >> Version 0.5.9

F5>>Nginx >> Version 0.5.10

F5>>Nginx >> Version 0.5.11

F5>>Nginx >> Version 0.5.12

F5>>Nginx >> Version 0.5.13

F5>>Nginx >> Version 0.5.14

F5>>Nginx >> Version 0.5.15

F5>>Nginx >> Version 0.5.16

F5>>Nginx >> Version 0.5.17

F5>>Nginx >> Version 0.5.18

F5>>Nginx >> Version 0.5.19

F5>>Nginx >> Version 0.5.20

F5>>Nginx >> Version 0.5.21

F5>>Nginx >> Version 0.5.22

F5>>Nginx >> Version 0.5.23

F5>>Nginx >> Version 0.5.24

F5>>Nginx >> Version 0.5.25

F5>>Nginx >> Version 0.5.26

F5>>Nginx >> Version 0.5.27

F5>>Nginx >> Version 0.5.28

F5>>Nginx >> Version 0.5.29

F5>>Nginx >> Version 0.5.30

F5>>Nginx >> Version 0.5.31

F5>>Nginx >> Version 0.5.32

F5>>Nginx >> Version 0.5.33

F5>>Nginx >> Version 0.5.34

F5>>Nginx >> Version 0.5.35

F5>>Nginx >> Version 0.5.36

F5>>Nginx >> Version 0.5.37

F5>>Nginx >> Version 0.6.0

F5>>Nginx >> Version 0.6.1

F5>>Nginx >> Version 0.6.2

F5>>Nginx >> Version 0.6.3

F5>>Nginx >> Version 0.6.4

F5>>Nginx >> Version 0.6.5

F5>>Nginx >> Version 0.6.6

F5>>Nginx >> Version 0.6.7

F5>>Nginx >> Version 0.6.8

F5>>Nginx >> Version 0.6.9

F5>>Nginx >> Version 0.6.10

F5>>Nginx >> Version 0.6.11

F5>>Nginx >> Version 0.6.12

F5>>Nginx >> Version 0.6.13

F5>>Nginx >> Version 0.6.14

F5>>Nginx >> Version 0.6.15

F5>>Nginx >> Version 0.6.17

F5>>Nginx >> Version 0.6.18

F5>>Nginx >> Version 0.6.19

F5>>Nginx >> Version 0.6.20

F5>>Nginx >> Version 0.6.21

F5>>Nginx >> Version 0.6.22

F5>>Nginx >> Version 0.6.23

F5>>Nginx >> Version 0.6.24

F5>>Nginx >> Version 0.6.25

F5>>Nginx >> Version 0.6.26

F5>>Nginx >> Version 0.6.27

F5>>Nginx >> Version 0.6.28

F5>>Nginx >> Version 0.6.29

F5>>Nginx >> Version 0.6.30

F5>>Nginx >> Version 0.6.31

F5>>Nginx >> Version 0.6.32

F5>>Nginx >> Version 0.6.33

F5>>Nginx >> Version 0.6.34

F5>>Nginx >> Version 0.6.35

F5>>Nginx >> Version 0.6.36

F5>>Nginx >> Version 0.6.37

F5>>Nginx >> Version 0.6.38

F5>>Nginx >> Version 0.7.0

F5>>Nginx >> Version 0.7.1

F5>>Nginx >> Version 0.7.2

F5>>Nginx >> Version 0.7.3

F5>>Nginx >> Version 0.7.4

F5>>Nginx >> Version 0.7.5

F5>>Nginx >> Version 0.7.6

F5>>Nginx >> Version 0.7.7

F5>>Nginx >> Version 0.7.8

F5>>Nginx >> Version 0.7.9

F5>>Nginx >> Version 0.7.10

F5>>Nginx >> Version 0.7.11

F5>>Nginx >> Version 0.7.12

F5>>Nginx >> Version 0.7.13

F5>>Nginx >> Version 0.7.14

F5>>Nginx >> Version 0.7.15

F5>>Nginx >> Version 0.7.16

F5>>Nginx >> Version 0.7.17

F5>>Nginx >> Version 0.7.18

F5>>Nginx >> Version 0.7.19

F5>>Nginx >> Version 0.7.20

F5>>Nginx >> Version 0.7.21

F5>>Nginx >> Version 0.7.22

F5>>Nginx >> Version 0.7.23

F5>>Nginx >> Version 0.7.24

F5>>Nginx >> Version 0.7.25

F5>>Nginx >> Version 0.7.26

F5>>Nginx >> Version 0.7.27

F5>>Nginx >> Version 0.7.28

F5>>Nginx >> Version 0.7.29

F5>>Nginx >> Version 0.7.30

F5>>Nginx >> Version 0.7.31

F5>>Nginx >> Version 0.7.32

F5>>Nginx >> Version 0.7.33

F5>>Nginx >> Version 0.7.34

F5>>Nginx >> Version 0.7.35

F5>>Nginx >> Version 0.7.36

F5>>Nginx >> Version 0.7.37

F5>>Nginx >> Version 0.7.38

F5>>Nginx >> Version 0.7.39

F5>>Nginx >> Version 0.7.40

F5>>Nginx >> Version 0.7.41

F5>>Nginx >> Version 0.7.42

F5>>Nginx >> Version 0.7.43

F5>>Nginx >> Version 0.7.44

F5>>Nginx >> Version 0.7.45

F5>>Nginx >> Version 0.7.46

F5>>Nginx >> Version 0.7.47

F5>>Nginx >> Version 0.7.48

F5>>Nginx >> Version 0.7.49

F5>>Nginx >> Version 0.7.50

F5>>Nginx >> Version 0.7.51

F5>>Nginx >> Version 0.7.52

F5>>Nginx >> Version 0.7.53

F5>>Nginx >> Version 0.7.54

F5>>Nginx >> Version 0.7.55

F5>>Nginx >> Version 0.7.56

F5>>Nginx >> Version 0.7.57

F5>>Nginx >> Version 0.7.58

F5>>Nginx >> Version 0.7.59

F5>>Nginx >> Version 0.7.60

F5>>Nginx >> Version 0.7.61

F5>>Nginx >> Version 0.8.0

F5>>Nginx >> Version 0.8.1

F5>>Nginx >> Version 0.8.2

F5>>Nginx >> Version 0.8.3

F5>>Nginx >> Version 0.8.4

F5>>Nginx >> Version 0.8.5

F5>>Nginx >> Version 0.8.6

F5>>Nginx >> Version 0.8.7

F5>>Nginx >> Version 0.8.8

F5>>Nginx >> Version 0.8.9

F5>>Nginx >> Version 0.8.10

F5>>Nginx >> Version 0.8.11

F5>>Nginx >> Version 0.8.12

F5>>Nginx >> Version 0.8.13

F5>>Nginx >> Version 0.8.14

F5>>Nginx >> Version 0.8.15

Nginx>>Nginx >> Version 0.6.1516

    Références

    http://marc.info/?l=oss-security&m=125897425223039&w=2
    Tags : mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2009/11/23/10
    Tags : mailing-list, x_refsource_MLIST
    http://marc.info/?l=oss-security&m=125897327321676&w=2
    Tags : mailing-list, x_refsource_MLIST
    http://secunia.com/advisories/48577
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/36818
    Tags : third-party-advisory, x_refsource_SECUNIA
    http://marc.info/?l=oss-security&m=125900327409842&w=2
    Tags : mailing-list, x_refsource_MLIST
    http://www.openwall.com/lists/oss-security/2009/11/20/1
    Tags : mailing-list, x_refsource_MLIST
    http://security.gentoo.org/glsa/glsa-201203-22.xml
    Tags : vendor-advisory, x_refsource_GENTOO