Lucene search
Ubuntu.comUB:CVE-2013-0337HistoryOct 27, 2013 - 12:00 a.m.
CVE-2013-0337
2013-10-2700:00:00
ubuntu.com
ubuntu.com
23
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.5%
The default configuration of nginx, possibly 1.3.13 and earlier, uses
world-readable permissions for the (1) access.log and (2) error.log files,
which allows local users to obtain sensitive information by reading the
files.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701112>
- <https://bugs.launchpad.net/debian/+source/nginx/+bug/1193445>
- <https://trac.nginx.org/nginx/ticket/376>
Notes
| Author | Note |
|---|---|
| mdeslaur | The fix for CVE-2016-1247 in USN-3114-1 technically re-introduced this issue, but only for environments that configure non-default log filenames. Upstream will not be fixing the default permissions on log files. Marking this CVE as ignored, since the default configuration is not vulnerable and we will not be fixing this any further. |
Related
ubuntucve
ubuntucve
CVE-2016-1247
2016-10-25 00:00:00
debiancve
debiancve
CVE-2013-0337
2013-10-27 00:55:00
CVE-2016-1247
2016-11-29 17:59:00
nessus
nessus
Fedora 17 : nginx-1.0.15-9.fc17 (2013-2955)
2013-03-05 00:00:00
nginx <= 1.3.13 Insecure Log Permissions
2019-03-05 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : nginx vulnerability (USN-3114-1)
2016-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: nginx-1.0.15-9.fc17
2013-03-04 22:43:19
[SECURITY] Fedora 32 Update: nginx-1.20.0-2.fc32
2021-04-29 01:22:36
[SECURITY] Fedora 34 Update: nginx-1.20.0-2.fc34
2021-04-30 00:55:56
openvas
openvas
Fedora Update for nginx FEDORA-2013-2955
2013-03-05 00:00:00
Fedora Update for nginx FEDORA-2013-2955
2013-03-05 00:00:00
nginx <= 1.21.1 Information Disclosure Vulnerability
2021-07-01 00:00:00
cve
cve
CVE-2013-0337
2013-10-27 00:55:00
CVE-2016-1247
2016-11-29 17:59:00
prion
prion
Default configuration
2013-10-27 00:55:00
Code injection
2016-11-29 17:59:00
seebug
seebug
Nginx 'access.log'ไธๅฎๅ
จๆไปถๆ้ๆผๆด
2013-02-28 00:00:00
Nginx privilege elevation vulnerability (Debian, Ubuntu distributions)
2016-11-16 00:00:00
packetstorm
packetstorm
Nginx Root Privilege Escalation
2016-11-16 00:00:00
exploitpack
exploitpack
Nginx (Debian Based Distros + Gentoo) - logrotate Local Privilege Escalation
2016-11-16 00:00:00
debian
debian
[SECURITY] [DSA 3701-1] nginx security update
2016-10-25 19:07:07
[SECURITY] [DSA 3701-2] nginx regression update
2016-10-28 04:56:41
[SECURITY] [DSA 3701-2] nginx regression update
2016-10-28 04:56:41
redhatcve
redhatcve
CVE-2016-1247
2016-10-31 12:47:18
gentoo
gentoo
NGINX: Privilege escalation
2017-01-11 00:00:00
nginx: Multiple vulnerabilities
2013-10-06 00:00:00
ubuntu
ubuntu
nginx vulnerability
2016-10-25 00:00:00
myhack58
myhack58
osv
osv
nginx - security update
2016-10-25 00:00:00
zdt
zdt
Nginx (Debian-Based Distributions) - Local Privilege Escalation Exploit
2016-11-16 00:00:00
archlinux
archlinux
[ASA-201701-24] nginx-mainline: privilege escalation
2017-01-15 00:00:00
[ASA-201701-23] nginx: privilege escalation
2017-01-15 00:00:00
exploitdb
exploitdb
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
56.5%
Related for UB:CVE-2013-0337