oss-sec mailing list archives
CVE request: varnish world-readable logdir
From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 13:55:51 +0100
Hello, varnish[1], an high-performance HTTP accelerator, has a world-readable log/logdir. Please assign a CVE # ls -la /var/log/varnish/ total 8 drwxr-xr-x 2 root root 4096 Feb 22 13:48 . drwxr-xr-x 8 root root 4096 Feb 22 13:50 .. -rw-r--r-- 1 root root 0 Feb 22 13:48 access.log [1]: https://www.varnish-cache.org/ -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE request: varnish world-readable logdir Agostino Sarubbo (Feb 22)
- Re: CVE request: varnish world-readable logdir Kurt Seifried (Feb 22)