CVE-2013-0337

{"id": "CVE-2013-0337", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-10-27T00:55:03.713", "references": [{"url": "http://secunia.com/advisories/55181", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55181", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://security.gentoo.org/glsa/glsa-201310-04.xml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/21/15", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/22/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2013/02/24/1", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files."}, {"lang": "es", "value": "La configuraci\u00f3n predeterminada de nginx, posiblemente versi\u00f3n 1.3.13 y anteriores, utiliza permisos de lectura global para los archivos (1) access.log y (2) error.log, que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los archivos."}], "lastModified": "2024-11-21T01:47:20.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B697C7BD-EBB3-4E09-B3A2-51F633CBA33F", "versionEndIncluding": "1.3.13"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A92C59FE-2F13-4F11-A47E-735014B40B96"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA846C3B-DE83-45BC-8ADF-D9D165A1B35E"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF523E1B-C927-477A-AEA4-0FD09FB6D00F"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1FF1D9-6A92-40EA-AA97-F1E2FCFFE337"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA8F9095-899B-4A78-8C43-5F8A78739A8C"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "852B6280-0C65-4109-A5C9-AB4829706BE2"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37FED4E4-C729-4A09-ACE6-5A894E25BEC3"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47E5C82-6BD7-464F-A43A-EE0239A9AA94"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "415118D8-A0F4-447F-8EB8-70118FAA53D8"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E14AED43-AA7D-4D28-A78C-93DFE8FCBE28"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A39D319-067C-4362-89A4-EF19C4800FAB"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4735424A-623E-4131-991A-B8B5EC0C86DF"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E42DAE6-81B1-4754-A612-0CB237645362"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D7D6385-F555-4E9A-95D0-4B8EA6EE9007"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC6B9604-B425-4E13-B421-D4ACDA6B7061"}, {"criteria": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5AD6CD2-FF99-4D04-9BF3-ED1172393558"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "148503FA-5075-4DF5-A7FE-999705A7CE97"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "735FF1FA-5057-4B1F-A294-2A752BCA194D"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48E913BE-BED6-45BC-93B0-8E8ED8CADA90"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1687047-9637-40AA-BDBA-307A0CF759A4"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28D54D37-B4C6-4C02-990A-FE4B3AF14C57"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A25C01B-694D-49AE-BBA6-2DF97DADC476"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B89ADD3F-96F0-4446-84BB-9AC89C87BC6D"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "962080EE-E28E-42B5-8EC3-04027B2C1EED"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1B905B5-3CD1-49E2-BF39-10AD5D1A08DF"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B6CD0AD-C015-4AE1-9DA4-34807B39A566"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD288DA7-09D4-4EF3-A9FF-BF64A173E4CF"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A19A247-6ED3-4285-BFE5-D9B1A1EE65ED"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F9DE85D-F318-458A-AE15-B3817D59A639"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF113932-7630-43CD-8E2F-F528F2ADE13D"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85833DE5-0976-4878-956A-C62FA8D62320"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A24CE54-FC14-4E60-B544-D3A560A997A2"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB906A07-7365-4859-9702-89B689FE7511"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A4FF89D-7336-43A1-9BA7-08DDC4870603"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7764DE0F-5D55-4428-BADE-EF778317D25D"}, {"criteria": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C409371F-4106-4A7D-ACA9-8B6078EFE159"}, {"criteria": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F89D9745-140B-4E30-A356-4E45E8BC7B4E"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "645A3263-E14F-4A55-A6C7-C1DC8A6E1D26"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3501FE83-3C34-40F9-906D-903657CAF4D9"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "559EE0DF-1B70-46F3-83D5-4DB5E8B2C7FB"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04363963-0870-4048-BD20-A875C5E766D0"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECAFDD11-741A-4D0F-B1A4-1B559E1FF183"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C3A08BC-FEA5-4AF4-8E7B-64897161587B"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC924947-81BE-4A20-9BF4-E8EB821AD2FA"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02436F5B-2E4C-436B-80D7-5043C498198D"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0980065-E8E3-4985-88A3-A1CC034F4EB2"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0ADEBD57-B8A6-4041-951F-E125F753D656"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7FDC9FE-4BE8-4D11-B89F-FF261DBDC5F4"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CAF31307-C052-443B-8BAC-A07E536684E3"}, {"criteria": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "48278C21-ED8B-4AB3-A43F-E1AABA9BEB5B"}], "operator": "OR"}]}], "evaluatorComment": "AV:N per http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml\n\nand per http://secunia.com/advisories/55181", "sourceIdentifier": "secalert@redhat.com"}