Summary
The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input.
An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory.
These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected.
References
Severity
Classification
- CVE: CVE-2009-3898
- CVSS Base Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Related Vulnerabilities
- IOServer Trailing Backslash Multiple Directory Traversal Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 02 - March 2011
- Apache HTTP Server 'mod_dav_svn' Denial of Service Vulnerability (Windows)
- Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability
- Acritum Femitter Server 1.03 Multiple Remote Vulnerabilities