3 matches found
openSUSE Security Update : thttpd (openSUSE-SU-2013:1862-1)
This update fixes the following security issue with thttpd : - fix CVE-2013-0348 bnc853381 - don't create a world readable logfile %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
CVE-2013-0348
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file...
CVE-2013-0348
CVE-2013-0348 affects thttpd/thttpd-derived sthttpd: versions prior to 2.26.4-r2 and 2.25b expose a world-readable /var/log/thttpd.log. The root cause is incorrect file permissions, permitting local users to read sensitive information from the log file. Implication: local information disclosure w...