CVE-2013-0337 — F5 Nginx vulnerability

CWE-2646 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 29.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Nginx

Timeline

PublishedOct 27

Latest updateMay 5

Description

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDf5/nginx1.3.13+50

🔴Vulnerability Details

GHSA

GHSA-9ph7-v5fx-qwxf: The default configuration of nginx, possibly 1↗2022-05-05

▶

CVEList

CVE-2013-0337: The default configuration of nginx, possibly 1↗2013-10-27

▶

OSV

CVE-2013-0337: The default configuration of nginx, possibly 1↗2013-10-27

▶

📋Vendor Advisories

Debian

CVE-2013-0337: nginx - The default configuration of nginx, possibly 1.3.13 and earlier, uses world-read...↗2013

▶

💬Community

Bugzilla

CVE-2013-0337 nginx: world-readable log files↗2013-02-21

▶