FKIE_CVE-2013-0337
Vulnerability from fkie_nvd - Published: 2013-10-27 00:55 - Updated: 2026-04-29 01:13
Severity ?
Summary
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx | * | |
| f5 | nginx | 1.0.0 | |
| f5 | nginx | 1.0.1 | |
| f5 | nginx | 1.0.2 | |
| f5 | nginx | 1.0.3 | |
| f5 | nginx | 1.0.4 | |
| f5 | nginx | 1.0.5 | |
| f5 | nginx | 1.0.6 | |
| f5 | nginx | 1.0.7 | |
| f5 | nginx | 1.0.8 | |
| f5 | nginx | 1.0.9 | |
| f5 | nginx | 1.0.10 | |
| f5 | nginx | 1.0.11 | |
| f5 | nginx | 1.0.12 | |
| f5 | nginx | 1.0.13 | |
| f5 | nginx | 1.0.14 | |
| f5 | nginx | 1.0.15 | |
| f5 | nginx | 1.1.0 | |
| f5 | nginx | 1.1.1 | |
| f5 | nginx | 1.1.2 | |
| f5 | nginx | 1.1.3 | |
| f5 | nginx | 1.1.4 | |
| f5 | nginx | 1.1.5 | |
| f5 | nginx | 1.1.6 | |
| f5 | nginx | 1.1.7 | |
| f5 | nginx | 1.1.8 | |
| f5 | nginx | 1.1.9 | |
| f5 | nginx | 1.1.10 | |
| f5 | nginx | 1.1.11 | |
| f5 | nginx | 1.1.12 | |
| f5 | nginx | 1.1.13 | |
| f5 | nginx | 1.1.14 | |
| f5 | nginx | 1.1.15 | |
| f5 | nginx | 1.1.16 | |
| f5 | nginx | 1.1.17 | |
| f5 | nginx | 1.1.18 | |
| f5 | nginx | 1.1.19 | |
| f5 | nginx | 1.2.0 | |
| f5 | nginx | 1.3.0 | |
| f5 | nginx | 1.3.1 | |
| f5 | nginx | 1.3.2 | |
| f5 | nginx | 1.3.3 | |
| f5 | nginx | 1.3.4 | |
| f5 | nginx | 1.3.5 | |
| f5 | nginx | 1.3.6 | |
| f5 | nginx | 1.3.7 | |
| f5 | nginx | 1.3.8 | |
| f5 | nginx | 1.3.9 | |
| f5 | nginx | 1.3.10 | |
| f5 | nginx | 1.3.11 | |
| f5 | nginx | 1.3.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B697C7BD-EBB3-4E09-B3A2-51F633CBA33F",
"versionEndIncluding": "1.3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A92C59FE-2F13-4F11-A47E-735014B40B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA846C3B-DE83-45BC-8ADF-D9D165A1B35E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF523E1B-C927-477A-AEA4-0FD09FB6D00F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1FF1D9-6A92-40EA-AA97-F1E2FCFFE337",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA8F9095-899B-4A78-8C43-5F8A78739A8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "852B6280-0C65-4109-A5C9-AB4829706BE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "37FED4E4-C729-4A09-ACE6-5A894E25BEC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B47E5C82-6BD7-464F-A43A-EE0239A9AA94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "415118D8-A0F4-447F-8EB8-70118FAA53D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E14AED43-AA7D-4D28-A78C-93DFE8FCBE28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4A39D319-067C-4362-89A4-EF19C4800FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "4735424A-623E-4131-991A-B8B5EC0C86DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6E42DAE6-81B1-4754-A612-0CB237645362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7D6385-F555-4E9A-95D0-4B8EA6EE9007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6B9604-B425-4E13-B421-D4ACDA6B7061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AD6CD2-FF99-4D04-9BF3-ED1172393558",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "148503FA-5075-4DF5-A7FE-999705A7CE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "735FF1FA-5057-4B1F-A294-2A752BCA194D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "48E913BE-BED6-45BC-93B0-8E8ED8CADA90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C1687047-9637-40AA-BDBA-307A0CF759A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "28D54D37-B4C6-4C02-990A-FE4B3AF14C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A25C01B-694D-49AE-BBA6-2DF97DADC476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B89ADD3F-96F0-4446-84BB-9AC89C87BC6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "962080EE-E28E-42B5-8EC3-04027B2C1EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B905B5-3CD1-49E2-BF39-10AD5D1A08DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6CD0AD-C015-4AE1-9DA4-34807B39A566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CD288DA7-09D4-4EF3-A9FF-BF64A173E4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0A19A247-6ED3-4285-BFE5-D9B1A1EE65ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5F9DE85D-F318-458A-AE15-B3817D59A639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "DF113932-7630-43CD-8E2F-F528F2ADE13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "85833DE5-0976-4878-956A-C62FA8D62320",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6A24CE54-FC14-4E60-B544-D3A560A997A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "DB906A07-7365-4859-9702-89B689FE7511",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5A4FF89D-7336-43A1-9BA7-08DDC4870603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "7764DE0F-5D55-4428-BADE-EF778317D25D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C409371F-4106-4A7D-ACA9-8B6078EFE159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F89D9745-140B-4E30-A356-4E45E8BC7B4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "645A3263-E14F-4A55-A6C7-C1DC8A6E1D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3501FE83-3C34-40F9-906D-903657CAF4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "559EE0DF-1B70-46F3-83D5-4DB5E8B2C7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "04363963-0870-4048-BD20-A875C5E766D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ECAFDD11-741A-4D0F-B1A4-1B559E1FF183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C3A08BC-FEA5-4AF4-8E7B-64897161587B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AC924947-81BE-4A20-9BF4-E8EB821AD2FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "02436F5B-2E4C-436B-80D7-5043C498198D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0980065-E8E3-4985-88A3-A1CC034F4EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0ADEBD57-B8A6-4041-951F-E125F753D656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FDC9FE-4BE8-4D11-B89F-FF261DBDC5F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CAF31307-C052-443B-8BAC-A07E536684E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "48278C21-ED8B-4AB3-A43F-E1AABA9BEB5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files."
},
{
"lang": "es",
"value": "La configuraci\u00f3n predeterminada de nginx, posiblemente versi\u00f3n 1.3.13 y anteriores, utiliza permisos de lectura global para los archivos (1) access.log y (2) error.log, que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los archivos."
}
],
"evaluatorComment": "AV:N per http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml\n\nand per http://secunia.com/advisories/55181",
"id": "CVE-2013-0337",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-27T00:55:03.713",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55181"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…