Description
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.0.x Information Disclosure (3.0.0 - 3.0.2)
Oracle Application Server Other Vulnerability (CVE-2007-2130)
Oracle JRE CVE-2022-21299 Vulnerability (CVE-2022-21299)
WordPress Plugin WordPress Popular Posts Cross-Site Scripting (5.3.3)
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)