World-readable permissions on access.log and error.log files in default nginx configuration

CVE-2013-0337 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.

Learn more about our Cis Benchmark Audit For Nginx.