I just noticed my nginx logdir and its content are world-readable: drwxr-xr-x 2 root root 4096 Jan 10 00:11 . drwxr-xr-x 16 root root 4096 Feb 21 17:46 .. -rw-r--r-- 1 root root 69415 Feb 21 17:46 error_log -rw-r--r-- 1 root root 93017 Feb 18 22:03 localhost.access_log -rw-r--r-- 1 root root 86227 Feb 18 22:03 localhost.error_log Please use CVE-2013-0337 for nginx world readable log files. Also Fedora 16 (and I assume 17/18) are affected by this: # ls -la /var/log/nginx/ total 8 drwxr-xr-x. 2 root root 4096 Feb 21 21:18 . drwxr-xr-x. 28 root root 4096 Feb 21 21:17 .. - -rw-r--r--. 1 root root 0 Feb 21 21:18 access.log - -rw-r--r--. 1 root root 0 Feb 21 21:18 error.log Sigh. I'm guessing a lot of other web servers are vulnerable by default on Linux and BSD distros too. Anyone care to make such a list and send it in?