nvd-json-data-feeds/CVE-2013/CVE-2013-03xx/CVE-2013-0337.json

{
  "id": "CVE-2013-0337",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2013-10-27T00:55:03.713",
  "lastModified": "2024-11-21T01:47:20.080",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n predeterminada de nginx, posiblemente versi\u00f3n 1.3.13 y anteriores, utiliza permisos de lectura global para los archivos (1) access.log y (2) error.log, que permite a usuarios locales obtener informaci\u00f3n sensible mediante la lectura de los archivos."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "baseScore": 7.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "1.3.13",
              "matchCriteriaId": "B697C7BD-EBB3-4E09-B3A2-51F633CBA33F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92C59FE-2F13-4F11-A47E-735014B40B96"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA846C3B-DE83-45BC-8ADF-D9D165A1B35E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF523E1B-C927-477A-AEA4-0FD09FB6D00F"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F1FF1D9-6A92-40EA-AA97-F1E2FCFFE337"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA8F9095-899B-4A78-8C43-5F8A78739A8C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "852B6280-0C65-4109-A5C9-AB4829706BE2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37FED4E4-C729-4A09-ACE6-5A894E25BEC3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47E5C82-6BD7-464F-A43A-EE0239A9AA94"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "415118D8-A0F4-447F-8EB8-70118FAA53D8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14AED43-AA7D-4D28-A78C-93DFE8FCBE28"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A39D319-067C-4362-89A4-EF19C4800FAB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "4735424A-623E-4131-991A-B8B5EC0C86DF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E42DAE6-81B1-4754-A612-0CB237645362"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7D6385-F555-4E9A-95D0-4B8EA6EE9007"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6B9604-B425-4E13-B421-D4ACDA6B7061"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AD6CD2-FF99-4D04-9BF3-ED1172393558"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "148503FA-5075-4DF5-A7FE-999705A7CE97"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "735FF1FA-5057-4B1F-A294-2A752BCA194D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E913BE-BED6-45BC-93B0-8E8ED8CADA90"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1687047-9637-40AA-BDBA-307A0CF759A4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D54D37-B4C6-4C02-990A-FE4B3AF14C57"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A25C01B-694D-49AE-BBA6-2DF97DADC476"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89ADD3F-96F0-4446-84BB-9AC89C87BC6D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "962080EE-E28E-42B5-8EC3-04027B2C1EED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B905B5-3CD1-49E2-BF39-10AD5D1A08DF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B6CD0AD-C015-4AE1-9DA4-34807B39A566"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD288DA7-09D4-4EF3-A9FF-BF64A173E4CF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A19A247-6ED3-4285-BFE5-D9B1A1EE65ED"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F9DE85D-F318-458A-AE15-B3817D59A639"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF113932-7630-43CD-8E2F-F528F2ADE13D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "85833DE5-0976-4878-956A-C62FA8D62320"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A24CE54-FC14-4E60-B544-D3A560A997A2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB906A07-7365-4859-9702-89B689FE7511"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A4FF89D-7336-43A1-9BA7-08DDC4870603"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "7764DE0F-5D55-4428-BADE-EF778317D25D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C409371F-4106-4A7D-ACA9-8B6078EFE159"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F89D9745-140B-4E30-A356-4E45E8BC7B4E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "645A3263-E14F-4A55-A6C7-C1DC8A6E1D26"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3501FE83-3C34-40F9-906D-903657CAF4D9"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "559EE0DF-1B70-46F3-83D5-4DB5E8B2C7FB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "04363963-0870-4048-BD20-A875C5E766D0"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECAFDD11-741A-4D0F-B1A4-1B559E1FF183"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3A08BC-FEA5-4AF4-8E7B-64897161587B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC924947-81BE-4A20-9BF4-E8EB821AD2FA"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "02436F5B-2E4C-436B-80D7-5043C498198D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0980065-E8E3-4985-88A3-A1CC034F4EB2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADEBD57-B8A6-4041-951F-E125F753D656"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FDC9FE-4BE8-4D11-B89F-FF261DBDC5F4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAF31307-C052-443B-8BAC-A07E536684E3"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:f5:nginx:1.3.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "48278C21-ED8B-4AB3-A43F-E1AABA9BEB5B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://secunia.com/advisories/55181",
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1",
      "source": "secalert@redhat.com"
    },
    {
      "url": "http://secunia.com/advisories/55181",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/21/15",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/22/1",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "http://www.openwall.com/lists/oss-security/2013/02/24/1",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ],
  "evaluatorComment": "AV:N per http://www.gentoo.org/security/en/glsa/glsa-201310-04.xml\n\nand per http://secunia.com/advisories/55181"
}