Vigil@nce - nginx: log file reading
February 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can read nginx log files, in order to obtain
potentially sensitive information.
– Impacted products: nginx
– Severity: 1/4
– Creation date: 22/02/2013
DESCRIPTION OF THE VULNERABILITY
The nginx web server logs its events in the access.log file.
However, this file is created with mode 0644, which makes it
readable by every local user.
A local attacker can therefore read nginx log files, in order to
obtain potentially sensitive information.
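Added example (not part of the Vigil@nce bulletin or of nginx): a shell check that lists log files still readable by every local user and removes that access. The function names and the scratch directory are constructed for illustration; on a real host the argument would be the directory nginx writes its logs to (often /var/log/nginx, an assumption here).

```shell
#!/bin/sh
# Added example, not from the bulletin. Names and paths are illustrative.

# List regular files under directory $1 whose mode grants read to "other"
# (the bit that makes a 0644 access.log readable by any local account).
find_world_readable_logs() {
    find "$1" -type f -perm -0004 -print 2>/dev/null | sort
}

# Drop all "other" permissions (0644 -> 0640) on each file found above.
# Prints the number of files changed.
harden_logs() {
    find_world_readable_logs "$1" | {
        n=0
        while IFS= read -r f; do
            chmod o-rwx "$f" && n=$((n + 1))
        done
        echo "$n"
    }
}

# Constructed sample: a scratch directory standing in for the nginx log
# directory, with two files at 0644 and one already at 0640.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/access.log";     chmod 0644 "$d/access.log"
    : > "$d/access.log.1";   chmod 0644 "$d/access.log.1"
    : > "$d/restricted.log"; chmod 0640 "$d/restricted.log"
    echo "$d"
}

sample=$(make_sample_dir)
echo "world-readable before:"; find_world_readable_logs "$sample"
echo "files tightened: $(harden_logs "$sample")"
echo "world-readable after:"; find_world_readable_logs "$sample"
rm -rf "$sample"
```

A chmod only lasts until the file is recreated, so log rotation must also create the new file with a restrictive mode (logrotate's create directive takes a mode, owner and group).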
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/nginx-log-file-reading-12453