CVE-2013-0337

HIGH

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Score CVSS v2.0

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Informations

Publié: 27 oct. 2013
Mis à jour: 11 avr. 2025
Statut: Deferred
Source: secalert@redhat.com

Produits affectés

f5 nginxToutes les CVE nginx →

Versions : 1.3.13, 1.0.0, 1.0.1, 1.0.2, 1.0.3

Faiblesses (CWE)

CWE-264

Références (10)

http://secunia.com/advisories/55181
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201310-04.xml
http://www.openwall.com/lists/oss-security/2013/02/21/15
http://www.openwall.com/lists/oss-security/2013/02/22/1
http://www.openwall.com/lists/oss-security/2013/02/24/1
http://secunia.com/advisories/55181
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201310-04.xml
http://www.openwall.com/lists/oss-security/2013/02/21/15
http://www.openwall.com/lists/oss-security/2013/02/22/1
http://www.openwall.com/lists/oss-security/2013/02/24/1

CVEs similaires

Autres vulnérabilités de type CWE-264

Loading…

Surveillez vos produits

Recevez une alerte automatique à chaque nouvelle CVE affectant vos équipements.

Activer la surveillance