Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

cPanel Front Page Extension Installation Information Disclosure

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running a version of cPanel that is older or as old as version 9.9.1.

The remote version of this software is vulnerable to two flaws : - An information disclosure flaw if the FrontPage Extension is installed that may allow a local attacker to read arbitrary files on the remote host with the privileges of the 'cpsvrd' process. - A file ownership problem in the FrontPage Extension that may allow a local attacker to read the content of a .htaccess file ;

Solution

Upgrade or patch according to vendor recommendations.