CVE-2013-0337

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2013-0337

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-0337.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2013-0337

Downstream

DEBIAN-CVE-2013-0337

ECHO-56f7-b9e3-0470

UBUNTU-CVE-2013-0337

Published

2013-10-27T00:55:03Z

Modified

2026-04-10T03:42:39.856477Z

Summary

[none]

Details

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

References

http://secunia.com/advisories/55181
http://security.gentoo.org/glsa/glsa-201310-04.xml
http://www.openwall.com/lists/oss-security/2013/02/21/15
http://www.openwall.com/lists/oss-security/2013/02/22/1
http://www.openwall.com/lists/oss-security/2013/02/24/1

CVE-2013-0337

Affected packages