CVE-2013-0345 — Cache Project Varnish Cache vulnerability

CWE-2647 documents5 sources

Severity

2.1LOWNVD

EPSS

0.0%

top 85.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Varnish Cache Project Varnish Cache

Timeline

PublishedMay 8

Latest updateMay 5

Description

varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDvarnish_cache_project/varnish_cache3.0.3

🔴Vulnerability Details

GHSA

GHSA-pq5j-vx26-56wh: varnish 3↗2022-05-05

▶

CVEList

CVE-2013-0345: varnish 3↗2014-05-08

▶

📋Vendor Advisories

Debian

CVE-2013-0345: varnish - varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ director...↗2013

▶

💬Community

Bugzilla

CVE-2013-0345 varnish: world-readable log files [fedora-all]↗2013-02-25

▶

Bugzilla

CVE-2013-0345 varnish: world-readable log files↗2013-02-25

▶

Bugzilla

CVE-2013-0345 varnish: world-readable log files [epel-all]↗2013-02-25

▶