Description

varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2013-0345

Related Vulnerabilities

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2817)

phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5368)

WordPress Plugin WordPress Bitcoin Payments-Blockonomics Cross-Site Scripting (3.2)

Drupal Core 5.x Session Fixation (5.0 - 5.19)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1761)

Severity

Low

Classification

CVE-2013-0345 CWE-264

Tags

Missing Update Known Vulnerabilities