fkie_cve-2013-0337
Vulnerability from fkie_nvd
Published
2013-10-27 00:55
Modified
2025-04-11 00:51
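Severity: HIGH (CVSS v2 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P, from the NVD record below)
Note: the NVD vector rates the access vector as NETWORK (see the record's evaluatorComment), while the summary describes local users reading the log files; take this difference into account when prioritising.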
Summary
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Impacted products
Vendor Product Version
f5 nginx *
f5 nginx 1.0.0
f5 nginx 1.0.1
f5 nginx 1.0.2
f5 nginx 1.0.3
f5 nginx 1.0.4
f5 nginx 1.0.5
f5 nginx 1.0.6
f5 nginx 1.0.7
f5 nginx 1.0.8
f5 nginx 1.0.9
f5 nginx 1.0.10
f5 nginx 1.0.11
f5 nginx 1.0.12
f5 nginx 1.0.13
f5 nginx 1.0.14
f5 nginx 1.0.15
f5 nginx 1.1.0
f5 nginx 1.1.1
f5 nginx 1.1.2
f5 nginx 1.1.3
f5 nginx 1.1.4
f5 nginx 1.1.5
f5 nginx 1.1.6
f5 nginx 1.1.7
f5 nginx 1.1.8
f5 nginx 1.1.9
f5 nginx 1.1.10
f5 nginx 1.1.11
f5 nginx 1.1.12
f5 nginx 1.1.13
f5 nginx 1.1.14
f5 nginx 1.1.15
f5 nginx 1.1.16
f5 nginx 1.1.17
f5 nginx 1.1.18
f5 nginx 1.1.19
f5 nginx 1.2.0
f5 nginx 1.3.0
f5 nginx 1.3.1
f5 nginx 1.3.2
f5 nginx 1.3.3
f5 nginx 1.3.4
f5 nginx 1.3.5
f5 nginx 1.3.6
f5 nginx 1.3.7
f5 nginx 1.3.8
f5 nginx 1.3.9
f5 nginx 1.3.10
f5 nginx 1.3.11
f5 nginx 1.3.12



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B697C7BD-EBB3-4E09-B3A2-51F633CBA33F",
              "versionEndIncluding": "1.3.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92C59FE-2F13-4F11-A47E-735014B40B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA846C3B-DE83-45BC-8ADF-D9D165A1B35E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF523E1B-C927-477A-AEA4-0FD09FB6D00F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F1FF1D9-6A92-40EA-AA97-F1E2FCFFE337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8F9095-899B-4A78-8C43-5F8A78739A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "852B6280-0C65-4109-A5C9-AB4829706BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FED4E4-C729-4A09-ACE6-5A894E25BEC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47E5C82-6BD7-464F-A43A-EE0239A9AA94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "415118D8-A0F4-447F-8EB8-70118FAA53D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14AED43-AA7D-4D28-A78C-93DFE8FCBE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A39D319-067C-4362-89A4-EF19C4800FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4735424A-623E-4131-991A-B8B5EC0C86DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E42DAE6-81B1-4754-A612-0CB237645362",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7D6385-F555-4E9A-95D0-4B8EA6EE9007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6B9604-B425-4E13-B421-D4ACDA6B7061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AD6CD2-FF99-4D04-9BF3-ED1172393558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "148503FA-5075-4DF5-A7FE-999705A7CE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "735FF1FA-5057-4B1F-A294-2A752BCA194D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E913BE-BED6-45BC-93B0-8E8ED8CADA90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1687047-9637-40AA-BDBA-307A0CF759A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D54D37-B4C6-4C02-990A-FE4B3AF14C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A25C01B-694D-49AE-BBA6-2DF97DADC476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89ADD3F-96F0-4446-84BB-9AC89C87BC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "962080EE-E28E-42B5-8EC3-04027B2C1EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B905B5-3CD1-49E2-BF39-10AD5D1A08DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6CD0AD-C015-4AE1-9DA4-34807B39A566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD288DA7-09D4-4EF3-A9FF-BF64A173E4CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A19A247-6ED3-4285-BFE5-D9B1A1EE65ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9DE85D-F318-458A-AE15-B3817D59A639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF113932-7630-43CD-8E2F-F528F2ADE13D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "85833DE5-0976-4878-956A-C62FA8D62320",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A24CE54-FC14-4E60-B544-D3A560A997A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB906A07-7365-4859-9702-89B689FE7511",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FF89D-7336-43A1-9BA7-08DDC4870603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7764DE0F-5D55-4428-BADE-EF778317D25D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C409371F-4106-4A7D-ACA9-8B6078EFE159",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89D9745-140B-4E30-A356-4E45E8BC7B4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "645A3263-E14F-4A55-A6C7-C1DC8A6E1D26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3501FE83-3C34-40F9-906D-903657CAF4D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "559EE0DF-1B70-46F3-83D5-4DB5E8B2C7FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04363963-0870-4048-BD20-A875C5E766D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECAFDD11-741A-4D0F-B1A4-1B559E1FF183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3A08BC-FEA5-4AF4-8E7B-64897161587B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC924947-81BE-4A20-9BF4-E8EB821AD2FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02436F5B-2E4C-436B-80D7-5043C498198D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0980065-E8E3-4985-88A3-A1CC034F4EB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADEBD57-B8A6-4041-951F-E125F753D656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FDC9FE-4BE8-4D11-B89F-FF261DBDC5F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF31307-C052-443B-8BAC-A07E536684E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "48278C21-ED8B-4AB3-A43F-E1AABA9BEB5B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n predeterminada de nginx, posiblemente versi\u00f3n 1.3.13 y anteriores, utiliza permisos de lectura global para los archivos (1) access.log y (2) error.log, que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los archivos."
    }
  ],
  "evaluatorComment": "AV:N per http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml\n\nand per http://secunia.com/advisories/55181",
  "id": "CVE-2013-0337",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-10-27T00:55:03.713",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55181"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}



Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

