cPanel Front Page Extension Installation Information Disclosure
Medium Nessus Network Monitor Plugin ID 2391
SynopsisThe remote host is vulnerable to multiple attack vectors.
DescriptionThe remote host is running a version of cPanel that is older or as old as version 9.9.1.
The remote version of this software is vulnerable to two flaws :
- An information disclosure flaw if the FrontPage Extension is installed that may allow a local attacker to read arbitrary files on the remote host with the privileges of the 'cpsvrd' process.
- A file ownership problem in the FrontPage Extension that may allow a local attacker to read the content of a .htaccess file ;
SolutionUpgrade or patch according to vendor recommendations.