Quoted from $URL: "Description: A security issue has been discovered in nginx, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to nginx not properly verifying the path for the WebDAV "MOVE" and "COPY" methods, which can be exploited to e.g. write to files outside the specified document root. Successful exploitation requires that the server has been compiled with the http_dav_module and that the attacker is allowed to use the "MOVE" or "COPY" methods. The security issue is reported in version 0.7.61 and confirmed in version 0.7.62. Other versions may also be affected." The webdav USE-flag is not enabled by default.
CVE-2009-3898 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3898): Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
C1 needs a GLSA, request filed.
0.7.64 is in the stable trees, resolving.
reopening.
Dirkjan, do not close security bugs, if you're not sure it's the right thing to close them.
This issue was resolved and addressed in GLSA 201203-22 at http://security.gentoo.org/glsa/glsa-201203-22.xml by GLSA coordinator Sean Amoss (ackle).
*** Bug 286391 has been marked as a duplicate of this bug. ***