Published: 27/10/2013 Updated: 10/11/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The default configuration of nginx, possibly 1.3.13 and previous versions, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 nginx
f5 nginx 1.2.0
f5 nginx 1.1.9
f5 nginx 1.1.8
f5 nginx 1.1.7
f5 nginx 1.1.12
f5 nginx 1.1.11
f5 nginx 1.1.10
f5 nginx 1.1.1
f5 nginx 1.0.11
f5 nginx 1.0.10
f5 nginx 1.0.1
f5 nginx 1.0.0
f5 nginx 1.3.8
f5 nginx 1.3.7
f5 nginx 1.3.6
f5 nginx 1.3.5
f5 nginx 1.1.2
f5 nginx 1.1.19
f5 nginx 1.1.18
f5 nginx 1.1.17
f5 nginx 1.0.5
f5 nginx 1.0.4
f5 nginx 1.0.3
f5 nginx 1.0.2
f5 nginx 1.3.11
f5 nginx 1.3.9
f5 nginx 1.3.4
f5 nginx 1.3.2
f5 nginx 1.3.0
f5 nginx 1.1.6
f5 nginx 1.1.4
f5 nginx 1.1.15
f5 nginx 1.1.13
f5 nginx 1.1.0
f5 nginx 1.0.8
f5 nginx 1.0.6
f5 nginx 1.0.15
f5 nginx 1.0.13
f5 nginx 1.3.12
f5 nginx 1.3.10
f5 nginx 1.3.3
f5 nginx 1.3.1
f5 nginx 1.1.5
f5 nginx 1.1.3
f5 nginx 1.1.16
f5 nginx 1.1.14
f5 nginx 1.0.9
f5 nginx 1.0.7
f5 nginx 1.0.14
f5 nginx 1.0.12

Debian Bug report logs - #701112 nginx: CVE-2013-0337: Directory /var/log/nginx is world readable Package: nginx; Maintainer for nginx is Debian Nginx Maintainers <pkg-nginx-maintainers@alioth-listsdebiannet>; Source for nginx is src:nginx (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Thu, 21 ...

CWE-264 http://www.openwall.com/lists/oss-security/2013/02/21/15 http://www.openwall.com/lists/oss-security/2013/02/22/1 http://secunia.com/advisories/55181 http://www.openwall.com/lists/oss-security/2013/02/24/1 http://security.gentoo.org/glsa/glsa-201310-04.xml https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701112 https://nvd.nist.gov

CVE-2013-0337

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect