ID

VAR-200911-0311


CVE

CVE-2009-3898


TITLE

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx

Trust: 0.8

sources: JVNDB: JVNDB-2009-005108

DESCRIPTION

Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.

src/http/modules/ngx_http_dav_module.c in nginx contains a directory traversal vulnerability. By a remotely authenticated user WebDAV (1) COPY Or (2) MOVE To the method ..

The 'nginx' program is prone to multiple directory-traversal vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues using directory-traversal strings ('../') to overwrite arbitrary files outside the root directory. These issues affect nginx 0.7.61 and 0.7.62; other versions may also be affected.

----------------------------------------------------------------------

TITLE: nginx WebDAV Directory Traversal Security Issue

SECUNIA ADVISORY ID: SA36818

VERIFY ADVISORY: http://secunia.com/advisories/36818/

DESCRIPTION: A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions. Successful exploitation requires that the server has been compiled with the http_dav_module and that the attacker is allowed to use the "MOVE" or "COPY" methods. The security issue is reported in version 0.7.61 and confirmed in version 0.7.62.

SOLUTION: Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY: Kingcope

ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html

----------------------------------------------------------------------

Gentoo Linux Security Advisory GLSA 201203-22
http://security.gentoo.org/

Severity: High
Title: nginx: Multiple vulnerabilities
Date: March 28, 2012
Bugs: #293785, #293786, #293788, #389319, #408367
ID: 201203-22

Synopsis
========

Multiple vulnerabilities have been found in nginx, the worst of which may allow execution of arbitrary code.

Background
==========

nginx is a robust, small, and high performance HTTP and reverse proxy server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-servers/nginx          < 1.0.14                     >= 1.0.14

Description
===========

Multiple vulnerabilities have been found in nginx:

* The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555).
* The "ngx_http_process_request_headers()" function in ngx_http_parse.c could cause a NULL pointer dereference (CVE-2009-3896).
* The "ngx_resolver_copy()" function in ngx_resolver.c contains a boundary error which could cause a heap-based buffer overflow (CVE-2011-4315).
* nginx does not properly parse HTTP header responses which could expose sensitive information (CVE-2012-1180).

Impact
======

A remote attacker could possibly execute arbitrary code with the privileges of the nginx process, cause a Denial of Service condition, create or overwrite arbitrary files, or obtain sensitive information.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All nginx users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/nginx-1.0.14"

References
==========

[ 1 ] CVE-2009-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3555
[ 2 ] CVE-2009-3896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3896
[ 3 ] CVE-2009-3898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898
[ 4 ] CVE-2011-4315 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4315
[ 5 ] CVE-2012-1180 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1180

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201203-22.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE: Gentoo update for nginx

SECUNIA ADVISORY ID: SA48577

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48577

RELEASE DATE: 2012-03-28

DESCRIPTION: Gentoo has issued an update for nginx. For more information: SA36751 SA36818 SA37291 SA46798 SA48366

SOLUTION: Update to "www-servers/nginx-1.0.14" or later

Trust: 2.25

sources: NVD: CVE-2009-3898 // JVNDB: JVNDB-2009-005108 // BID: 36490 // VULHUB: VHN-41344 // PACKETSTORM: 81568 // PACKETSTORM: 111273 // PACKETSTORM: 111263

AFFECTED PRODUCTS

vendor:f5model:nginxscope:eqversion:0.8.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.50

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.48

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.52

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.60

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.50

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.55

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.52

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.53

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.44

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.47

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.48

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.60

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.53

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.42

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.55

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.34

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.49

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.49

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.57

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.18

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.6

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.36

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.46

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.51

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.29

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.45

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.37

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.58

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.8

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.54

Trust: 1.0

vendor:nginxmodel:nginxscope:eqversion:0.6.1516

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.57

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.2

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.7

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.46

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.54

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.59

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.16

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.58

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.40

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.1

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.31

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.30

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.61

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.26

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.56

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.27

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.28

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.43

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.10

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.41

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.35

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.25

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.7

Trust: 1.0

vendor:f5model:nginxscope:lteversion:0.7.62

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.12

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.59

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.19

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.4

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.24

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.38

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.61

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.39

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.17

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.14

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.11

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.8.5

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.32

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.21

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.1.22

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.9

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.6.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.23

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.47

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.3

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.3.51

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.15

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.33

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.4.13

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.7.56

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.20

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.2.0

Trust: 1.0

vendor:f5model:nginxscope:eqversion:0.5.6

Trust: 1.0

vendor:igor sysoevmodel:nginxscope:ltversion:0.8.x

Trust: 0.8

vendor:igor sysoevmodel:nginxscope:eqversion:0.8.17

Trust: 0.8

vendor:nginxmodel:nginxscope:eqversion:0.7.16

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.15

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.2

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.0

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.1

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.6.35

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.4

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.3

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.6.32

Trust: 0.6

vendor:nginxmodel:nginxscope:eqversion:0.7.62

Trust: 0.6

vendor:igormodel:sysoev nginxscope:eqversion:0.7.62

Trust: 0.3

vendor:igormodel:sysoev nginxscope:eqversion:0.7.61

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

sources: BID: 36490 // JVNDB: JVNDB-2009-005108 // CNNVD: CNNVD-200911-245 // NVD: CVE-2009-3898

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3898
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-3898
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200911-245
value: LOW

Trust: 0.6

VULHUB: VHN-41344
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-3898
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-41344
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-41344 // JVNDB: JVNDB-2009-005108 // CNNVD: CNNVD-200911-245 // NVD: CVE-2009-3898

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-41344 // JVNDB: JVNDB-2009-005108 // NVD: CVE-2009-3898

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200911-245

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200911-245

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005108

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41344

PATCH

title:Top Pageurl:http://nginx.org/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005108

EXTERNAL IDS

db:NVDid:CVE-2009-3898

Trust: 2.9

db:SECUNIAid:36818

Trust: 1.8

db:SECUNIAid:48577

Trust: 1.8

db:OPENWALLid:OSS-SECURITY/2009/11/20/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2009/11/23/10

Trust: 1.7

db:JVNDBid:JVNDB-2009-005108

Trust: 0.8

db:CNNVDid:CNNVD-200911-245

Trust: 0.7

db:BIDid:36490

Trust: 0.4

db:SEEBUGid:SSVID-87572

Trust: 0.1

db:SEEBUGid:SSVID-66932

Trust: 0.1

db:EXPLOIT-DBid:9829

Trust: 0.1

db:VULHUBid:VHN-41344

Trust: 0.1

db:PACKETSTORMid:81568

Trust: 0.1

db:PACKETSTORMid:111273

Trust: 0.1

db:PACKETSTORMid:111263

Trust: 0.1

sources: VULHUB: VHN-41344 // BID: 36490 // JVNDB: JVNDB-2009-005108 // PACKETSTORM: 81568 // PACKETSTORM: 111273 // PACKETSTORM: 111263 // CNNVD: CNNVD-200911-245 // NVD: CVE-2009-3898

REFERENCES

url:http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0379.html

Trust: 1.8

url:http://security.gentoo.org/glsa/glsa-201203-22.xml

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2009/11/20/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2009/11/23/10

Trust: 1.7

url:http://secunia.com/advisories/36818

Trust: 1.7

url:http://secunia.com/advisories/48577

Trust: 1.7

url:http://marc.info/?l=oss-security&m=125897425223039&w=2

Trust: 1.6

url:http://marc.info/?l=oss-security&m=125900327409842&w=2

Trust: 1.6

url:http://marc.info/?l=oss-security&m=125897327321676&w=2

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3898

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3898

Trust: 0.8

url:http://nginx.org/

Trust: 0.3

url:/archive/1/506662

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/advisories/36818/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3896

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3555

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4315

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3896

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2009-3898

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4315

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1180

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48577

Trust: 0.1

url:http://secunia.com/advisories/48577/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/48577/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://www.gentoo.org/security/en/glsa/glsa-201203-22.xml

Trust: 0.1

sources: VULHUB: VHN-41344 // BID: 36490 // JVNDB: JVNDB-2009-005108 // PACKETSTORM: 81568 // PACKETSTORM: 111273 // PACKETSTORM: 111263 // CNNVD: CNNVD-200911-245 // NVD: CVE-2009-3898

CREDITS

Kingcope

Trust: 0.3

sources: BID: 36490

SOURCES

db:VULHUBid:VHN-41344
db:BIDid:36490
db:JVNDBid:JVNDB-2009-005108
db:PACKETSTORMid:81568
db:PACKETSTORMid:111273
db:PACKETSTORMid:111263
db:CNNVDid:CNNVD-200911-245
db:NVDid:CVE-2009-3898

LAST UPDATE DATE

2024-08-14T13:11:22.368000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-41344date:2021-11-10T00:00:00
db:BIDid:36490date:2012-03-28T21:30:00
db:JVNDBid:JVNDB-2009-005108date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200911-245date:2023-05-15T00:00:00
db:NVDid:CVE-2009-3898date:2021-11-10T15:52:55.790

SOURCES RELEASE DATE

db:VULHUBid:VHN-41344date:2009-11-24T00:00:00
db:BIDid:36490date:2009-09-23T00:00:00
db:JVNDBid:JVNDB-2009-005108date:2012-09-25T00:00:00
db:PACKETSTORMid:81568date:2009-09-23T05:54:46
db:PACKETSTORMid:111273date:2012-03-29T02:37:12
db:PACKETSTORMid:111263date:2012-03-28T06:36:19
db:CNNVDid:CNNVD-200911-245date:2009-11-24T00:00:00
db:NVDid:CVE-2009-3898date:2009-11-24T17:30:00.437