Vulnerability Details: CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Exploit prediction scoring system (EPSS) score for CVE-2013-0337
Probability of exploitation activity in the next 30 days: 0.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~56%
CVSS scores for CVE-2013-0337
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2013-0337
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-0337
- http://www.openwall.com/lists/oss-security/2013/02/21/15
  oss-security - nginx world-readable logdir
- http://security.gentoo.org/glsa/glsa-201310-04.xml
  nginx: Multiple vulnerabilities (GLSA 201310-04) — Gentoo security
- http://www.openwall.com/lists/oss-security/2013/02/24/1
  oss-security - nginx CVE-2013-0337 world-readable logs
- http://www.openwall.com/lists/oss-security/2013/02/22/1
  oss-security - Re: CVE request: nginx world-readable logdir
Products affected by CVE-2013-0337
- cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*