oss-sec mailing list archives

CVE request: varnish world-readable logdir

From: Agostino Sarubbo <ago () gentoo org>
Date: Fri, 22 Feb 2013 13:55:51 +0100

Hello, varnish[1], an high-performance HTTP accelerator, has a world-readable 
log/logdir. Please assign a CVE


# ls -la /var/log/varnish/    
total 8                                                                                                                 
                                                            
drwxr-xr-x 2 root root 4096 Feb 22 13:48 .                                                                              
                                                            
drwxr-xr-x 8 root root 4096 Feb 22 13:50 ..                                                                             
                                                            
-rw-r--r-- 1 root root    0 Feb 22 13:48 access.log   


[1]: https://www.varnish-cache.org/

-- 
Agostino Sarubbo
Gentoo Linux Developer

Current thread:

CVE request: varnish world-readable logdir Agostino Sarubbo (Feb 22)
- Re: CVE request: varnish world-readable logdir Kurt Seifried (Feb 22)