Lucene search
RedhatCVE-2013-0337HistoryOct 27, 2013 - 12:55 a.m.
CVE-2013-0337
2013-10-2700:55:03
CWE-264
redhat
web.nvd.nist.gov
207
cve
2013
0337
nginx
default configuration
vulnerability
security
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
Low
EPSS
0.002
Percentile
56.9%
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Affected configurations
Node
f5nginxRangeโค1.3.13
ORf5nginxMatch1.0.0
ORf5nginxMatch1.0.1
ORf5nginxMatch1.0.2
ORf5nginxMatch1.0.3
ORf5nginxMatch1.0.4
ORf5nginxMatch1.0.5
ORf5nginxMatch1.0.6
ORf5nginxMatch1.0.7
ORf5nginxMatch1.0.8
ORf5nginxMatch1.0.9
ORf5nginxMatch1.0.10
ORf5nginxMatch1.0.11
ORf5nginxMatch1.0.12
ORf5nginxMatch1.0.13
ORf5nginxMatch1.0.14
ORf5nginxMatch1.0.15
ORf5nginxMatch1.1.0
ORf5nginxMatch1.1.1
ORf5nginxMatch1.1.2
ORf5nginxMatch1.1.3
ORf5nginxMatch1.1.4
ORf5nginxMatch1.1.5
ORf5nginxMatch1.1.6
ORf5nginxMatch1.1.7
ORf5nginxMatch1.1.8
ORf5nginxMatch1.1.9
ORf5nginxMatch1.1.10
ORf5nginxMatch1.1.11
ORf5nginxMatch1.1.12
ORf5nginxMatch1.1.13
ORf5nginxMatch1.1.14
ORf5nginxMatch1.1.15
ORf5nginxMatch1.1.16
ORf5nginxMatch1.1.17
ORf5nginxMatch1.1.18
ORf5nginxMatch1.1.19
ORf5nginxMatch1.2.0
ORf5nginxMatch1.3.0
ORf5nginxMatch1.3.1
ORf5nginxMatch1.3.2
ORf5nginxMatch1.3.3
ORf5nginxMatch1.3.4
ORf5nginxMatch1.3.5
ORf5nginxMatch1.3.6
ORf5nginxMatch1.3.7
ORf5nginxMatch1.3.8
ORf5nginxMatch1.3.9
ORf5nginxMatch1.3.10
ORf5nginxMatch1.3.11
ORf5nginxMatch1.3.12
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | nginx | * | cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.0 | cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.1 | cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.2 | cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.3 | cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.4 | cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.5 | cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.6 | cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.7 | cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:* |
| f5 | nginx | 1.0.8 | cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:* |
Related
openvas
openvas
Fedora Update for nginx FEDORA-2013-2955
2013-03-05 00:00:00
nginx <= 1.21.1 Information Disclosure Vulnerability
2021-07-01 00:00:00
Fedora Update for nginx FEDORA-2013-2955
2013-03-05 00:00:00
debiancve
debiancve
CVE-2013-0337
2013-10-27 00:55:03
nessus
nessus
nginx <= 1.3.13 Insecure Log Permissions
2019-03-05 00:00:00
Fedora 17 : nginx-1.0.15-9.fc17 (2013-2955)
2013-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: nginx-1.0.15-9.fc17
2013-03-04 22:43:19
nvd
nvd
CVE-2013-0337
2013-10-27 00:55:03
prion
prion
Default configuration
2013-10-27 00:55:00
seebug
seebug
Nginx 'access.log'ไธๅฎๅ
จๆไปถๆ้ๆผๆด
2013-02-28 00:00:00
cvelist
cvelist
CVE-2013-0337
2013-10-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-0337
2013-10-27 00:00:00
CVE-2016-1247
2016-10-25 00:00:00
gentoo
gentoo
nginx: Multiple vulnerabilities
2013-10-06 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
5.7
Confidence
Low
EPSS
0.002
Percentile
56.9%
Related for CVE-2013-0337