Release date:
Updated on: 2013-02-26
Affected Systems:
Igor Sysoev nginx
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58105
CVE (CAN) ID: CVE-2013-0337
Nginx is a widely used high-performance Web server.
On Gentoo,/var/log/nginx is globally accessible, and the log files in the directory are also globally readable, which allows unauthorized users to read log files.
<* Source: agstino Sarubbo
Link: http://seclists.org/oss-sec/2013/q1/424
Https://bugzilla.redhat.com/show_bug.cgi? CVE-2013-0337
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Igor Sysoev
-----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://nginx.net/