- **CVE-2026-27654**: Buffer overflow in `ngx_http_dav_module` 🚨 - Affects **F5 NGINX Plus** & **NGINX Open Source** - **Consequences**: - Worker process crash ❌ - File name modified **outside doc root** 📁⚠️
Q2根本原因?(CWE/缺陷点)
- **Root Cause**: Buffer overflow flaw 🧨 - Likely **CWE-120**: Classic buffer copy without size check - Triggered in **ngx_http_dav_module** during WebDAV ops 🔍
Q3影响谁?(版本/组件)
- **Affected Products**: - **F5 NGINX Plus** - **F5 NGINX Open Source** - **Component**: `ngx_http_dav_module` 🛠️ - **Note**: Versions not listed in data ❗
Q4黑客能干啥?(权限/数据)
- **No auth needed** 🚪 - Can cause: - **DoS** via worker termination ⚠️ - **Integrity loss**: alter files outside web root 📂➡️📂 - **No direct data leak** (C:N) but impactful ✅
Q5利用门槛高吗?(认证/配置)
- **Exploitation Threshold**: LOW 🟢 - **AV:N** → Network reachable - **PR:N** → No auth required - **UI:N** → No user interaction - Just hit vulnerable endpoint 🎯
Q6有现成Exp吗?(PoC/在野利用)
- **Public Exploit (PoC)**: ❌ None found - **POCs array empty** in data 🔍 - **Wild exploitation**: Not mentioned 🕵️
Q7怎么自查?(特征/扫描)
- **Self-Check Steps**: - Check if `ngx_http_dav_module` is enabled ✅ - Scan config for `dav_methods`, `dav_access` 🔧 - Review server behavior on crafted WebDAV reqs 🧪 - Monitor worker crashes 🛑
Q8官方修了吗?(补丁/缓解)
- **Official Fix**: Refer vendor advisory 🔗 - Link: [K000160382](https://my.f5.com/manage/s/article/K000160382) 🛡️ - Patch status **not detailed** in given data ⚠️
Q9没补丁咋办?(临时规避)
- **If no patch**: - **Disable** `ngx_http_dav_module` if unused 🚫 - Restrict WebDAV access via firewall rules 🧱 - Limit methods to safe subset 🔐 - Monitor file system changes 🔍
Q10急不急?(优先级建议)
- **Urgency**: HIGH 🚨 - **CVSS**: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H - **Impact**: DoS + Integrity breach - Patch ASAP if module used 💡