CVE-2013-0337

HIGH

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

CVSS v2.0 Score

7.5

/ 10.0

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Information

Published: 27 oct. 2013
Updated: 11 avr. 2025
Status: Deferred
Source: secalert@redhat.com

Affected products

f5 nginxAll nginx CVEs →

Versions : 1.3.13, 1.0.0, 1.0.1, 1.0.2, 1.0.3

Weaknesses (CWE)

CWE-264

References (10)

http://secunia.com/advisories/55181
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201310-04.xml
http://www.openwall.com/lists/oss-security/2013/02/21/15
http://www.openwall.com/lists/oss-security/2013/02/22/1
http://www.openwall.com/lists/oss-security/2013/02/24/1
http://secunia.com/advisories/55181
Vendor Advisory
http://security.gentoo.org/glsa/glsa-201310-04.xml
http://www.openwall.com/lists/oss-security/2013/02/21/15
http://www.openwall.com/lists/oss-security/2013/02/22/1
http://www.openwall.com/lists/oss-security/2013/02/24/1

Similar CVEs

Other vulnerabilities of type CWE-264

Loading…

Monitor your products

Get automatic alerts for every new CVE affecting your equipment.

Enable monitoring