Description

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Remediation

References

CVE-2013-0337

Related Vulnerabilities

WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)

WordPress Plugin WordPress Survey & Poll-Quiz, Survey and Poll Unspecified Vulnerability (1.5.8.5)

Joomla! Core 1.0.5 Security Bypass (1.0.5)

Phusion Passenger Other Vulnerability (CVE-2014-1832)

Multiple SugarCRM Products Remote Code Execution Vulnerability (CVE-2023-22952)

Severity

High

Classification

CVE-2013-0337 CWE-264

Tags

Missing Update Known Vulnerabilities