CVE-2013-0337

Published Oct 27, 2013
Last updated 3 years ago
Overview

Description: The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Source: secalert@redhat.com
NVD status: Analyzed
Hype score: Not currently trending
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-264
Evaluator

Comment: AV:N per http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml and per http://secunia.com/advisories/55181
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B697C7BD-EBB3-4E09-B3A2-51F633CBA33F",
            "versionEndIncluding": "1.3.13"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A92C59FE-2F13-4F11-A47E-735014B40B96"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA846C3B-DE83-45BC-8ADF-D9D165A1B35E"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF523E1B-C927-477A-AEA4-0FD09FB6D00F"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F1FF1D9-6A92-40EA-AA97-F1E2FCFFE337"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA8F9095-899B-4A78-8C43-5F8A78739A8C"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "852B6280-0C65-4109-A5C9-AB4829706BE2"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37FED4E4-C729-4A09-ACE6-5A894E25BEC3"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B47E5C82-6BD7-464F-A43A-EE0239A9AA94"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "415118D8-A0F4-447F-8EB8-70118FAA53D8"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14AED43-AA7D-4D28-A78C-93DFE8FCBE28"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A39D319-067C-4362-89A4-EF19C4800FAB"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4735424A-623E-4131-991A-B8B5EC0C86DF"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E42DAE6-81B1-4754-A612-0CB237645362"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D7D6385-F555-4E9A-95D0-4B8EA6EE9007"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC6B9604-B425-4E13-B421-D4ACDA6B7061"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5AD6CD2-FF99-4D04-9BF3-ED1172393558"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "148503FA-5075-4DF5-A7FE-999705A7CE97"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "735FF1FA-5057-4B1F-A294-2A752BCA194D"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48E913BE-BED6-45BC-93B0-8E8ED8CADA90"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1687047-9637-40AA-BDBA-307A0CF759A4"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28D54D37-B4C6-4C02-990A-FE4B3AF14C57"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A25C01B-694D-49AE-BBA6-2DF97DADC476"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B89ADD3F-96F0-4446-84BB-9AC89C87BC6D"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "962080EE-E28E-42B5-8EC3-04027B2C1EED"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1B905B5-3CD1-49E2-BF39-10AD5D1A08DF"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B6CD0AD-C015-4AE1-9DA4-34807B39A566"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD288DA7-09D4-4EF3-A9FF-BF64A173E4CF"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A19A247-6ED3-4285-BFE5-D9B1A1EE65ED"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F9DE85D-F318-458A-AE15-B3817D59A639"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF113932-7630-43CD-8E2F-F528F2ADE13D"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85833DE5-0976-4878-956A-C62FA8D62320"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A24CE54-FC14-4E60-B544-D3A560A997A2"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB906A07-7365-4859-9702-89B689FE7511"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4FF89D-7336-43A1-9BA7-08DDC4870603"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7764DE0F-5D55-4428-BADE-EF778317D25D"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C409371F-4106-4A7D-ACA9-8B6078EFE159"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F89D9745-140B-4E30-A356-4E45E8BC7B4E"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "645A3263-E14F-4A55-A6C7-C1DC8A6E1D26"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3501FE83-3C34-40F9-906D-903657CAF4D9"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "559EE0DF-1B70-46F3-83D5-4DB5E8B2C7FB"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04363963-0870-4048-BD20-A875C5E766D0"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECAFDD11-741A-4D0F-B1A4-1B559E1FF183"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C3A08BC-FEA5-4AF4-8E7B-64897161587B"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC924947-81BE-4A20-9BF4-E8EB821AD2FA"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02436F5B-2E4C-436B-80D7-5043C498198D"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0980065-E8E3-4985-88A3-A1CC034F4EB2"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0ADEBD57-B8A6-4041-951F-E125F753D656"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7FDC9FE-4BE8-4D11-B89F-FF261DBDC5F4"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CAF31307-C052-443B-8BAC-A07E536684E3"
          },
          {
            "criteria": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48278C21-ED8B-4AB3-A43F-E1AABA9BEB5B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Evaluator

Configurations

References
