CVE-2013-0337

nginx < 1.3.13 - Sensitive Information Exposure via World-Readable Log Files

Title source: llm
STIX 2.1

Description

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55181
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/24/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/22/1
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201310-04.xml
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/21/15

Scores

EPSS 0.0064
EPSS Percentile 70.7%

Details

CWE
CWE-264
Status published
Products (50)
f5/nginx 1.0.0
f5/nginx 1.0.1
f5/nginx 1.0.2
f5/nginx 1.0.3
f5/nginx 1.0.4
f5/nginx 1.0.5
f5/nginx 1.0.6
f5/nginx 1.0.7
f5/nginx 1.0.8
f5/nginx 1.0.9
... and 40 more
Published Oct 27, 2013
Tracked Since Feb 18, 2026