Bug Title: nginx webdav copy/move method directory traversal Program: nginx Version: nginx/0.7.61 - other versions may also be affected By using characters like "../" the attacker can traverse down the directory tree and place files outside the webroot. This is an insecure behaviour of the nginx webdav module and can be especially dangerous when nginx is used in a virtual hosting environment. nginx runs as the user nobody per default so normally this bug is not a big deal since an attacker may only be allowed to write files to /tmp/ or nobody owned directories.
*** This bug has been marked as a duplicate of bug 293788 ***