thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVSS 2.0
Severity: LOW
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| opensuse | opensuse | 12.2 |
| opensuse | opensuse | 12.3 |
| open_source_development_team | sthttpd | 2.26 |
| open_source_development_team | sthttpd | 2.26.2 |
| opensuse | opensuse | 13.1 |
| gentoo | linux | * |
| open_source_development_team | sthttpd | 2.26.3 |
| open_source_development_team | sthttpd | * |
| acme | thttpd | 2.25 |
| fedoraproject | fedora | 17 |
| fedoraproject | fedora | 18 |
| open_source_development_team | sthttpd | 2.26.1 |