Description
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Remediation
References
Related Vulnerabilities
WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)
OpenSSL Resource Management Errors Vulnerability (CVE-2016-0798)
WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)
WebLogic CVE-2016-3416 Vulnerability (CVE-2016-3416)
Envoy Proxy Improper Handling of Exceptional Conditions Vulnerability (CVE-2024-23325)