Launchpad CVE tracker

CVE 2013-0337

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Related bugs and status

CVE-2013-0337 (Candidate) is related to these bugs:

Bug #1193445: Directory /var/log/nginx is world readable [CVE-2013-0337]

		In	Importance	Status
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu)	Low	Fix Released
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Debian)	Unknown	Fix Released
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu Precise)	Low	Won't Fix
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu Quantal)	Low	Won't Fix
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu Raring)	Low	Won't Fix
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu Saucy)	Low	Won't Fix
1193445	Directory /var/log/nginx is world readable [CVE-2013-0337]	nginx (Ubuntu Trusty)	Low	Fix Released

Bug #1262710: [MIR] nginx

Summary				In	Importance	Status
	1262710	[MIR] nginx		nginx (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0337

References