PT-2013-2246 · Nginx+1 · Nginx+1

Alexey V. Vissarionov

Published

2013-10-27

Updated

2021-11-10

CVE-2013-0337

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions nginx versions 1.3.13 and earlier

Description The default configuration of nginx uses world-readable permissions for the access.log and error.log files. This allows local users to obtain sensitive information by reading these files.

Recommendations For versions 1.3.13 and earlier, consider changing the permissions of the access.log and error.log files to restrict read access to authorized users only.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2013-0337

ECHO-56F7-B9E3-0470

Affected Products

Debian

Nginx

PT-2013-2246 · Nginx+1 · Nginx+1

CVE-2013-0337

Weakness Enumeration

Related Identifiers

Affected Products

References · 17