VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 13, 2013· Updated Apr 29, 2026

CVE-2013-0348

CVE-2013-0348

Description

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

Affected products

12
  • Acme/Thttpd
    cpe:2.3:a:acme:thttpd:2.25:b:*:*:*:*:*:*
  • Open Source Development Team/Sthttpd5 versions
    cpe:2.3:a:open_source_development_team:sthttpd:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:open_source_development_team:sthttpd:*:*:*:*:*:*:*:*range: <=2.26.4
    • cpe:2.3:a:open_source_development_team:sthttpd:2.26:*:*:*:*:*:*:*
    • cpe:2.3:a:open_source_development_team:sthttpd:2.26.1:*:*:*:*:*:*:*
    • cpe:2.3:a:open_source_development_team:sthttpd:2.26.2:*:*:*:*:*:*:*
    • cpe:2.3:a:open_source_development_team:sthttpd:2.26.3:*:*:*:*:*:*:*
  • Fedoraproject/Fedora2 versions
    cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
  • Gentoo/Linux
    cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE3 versions
    cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.