Description
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Remediation
References
Related Vulnerabilities
Apache Traffic Server Improper Authentication Vulnerability (CVE-2021-44759)
WordPress Plugin Fonts-Google Fonts Typography Cross-Site Scripting (3.0.2)
WordPress Plugin MailPoet-emails and newsletters in WordPress Cross-Site Scripting (3.23.1)
lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9441)
WordPress Plugin Banner Garden Multiple Cross-Site Scripting Vulnerabilities (0.1.3)