Description
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
Remediation
References
Related Vulnerabilities
Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134)
Internet Information Services Other Vulnerability (CVE-2000-1147)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.2)
Oracle JRE CVE-2018-2639 Vulnerability (CVE-2018-2639)
OpenSSL Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-4044)