Vulnerability in Acme Thttpd
CVE-2013-0348
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b uses world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
EPSS: 0.000 (11.5th percentile)
Affected products
- Acme Thttpd — versions 2.25
- Gentoo Linux
- Open_source_development_team Sthttpd — versions 2.26, 2.26.1, 2.26.2
- Fedoraproject Fedora — versions 17, 18
- Opensuse — versions 12.2, 12.3, 13.1
References
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20130222 Re: CVE request: sthttpd world-redable logdir (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- openSUSE-SU-2014:0021 (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_CONFIRM)
- openSUSE-SU-2013:1862 (vendor-advisory, x_refsource_SUSE)