CERT VU:584089

cPanel XSRF vulnerabilities

Date: April 30, 2008
Source: www.kb.cert.org

CVSS2: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.009 Low (percentile 83.2%)

Overview

cPanel contains multiple cross-site request forgery (XSRF) vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands.

Description

cPanel, a web-based tool that is designed to automate and control web sites and servers, contains multiple cross-site request forgery (XSRF) vulnerabilities. These vulnerabilities may be triggered by a remote attacker who convinces an administrator to browse to a malicious website while logged into their cPanel account.


Impact

An attacker may be able to perform actions that only authorized administrators should be able to execute.


Solution

We are currently unaware of a practical solution to this problem.


Enable referrer checking

Referrer checking may mitigate some XSRF attacks. To enable referrer checking, follow the steps below. Note that referrer checking may cause some applications to fail.

  1. Navigate to Server configuration
  2. Go to Tweak Settings
  3. Go to Security in WebHost Manager
  4. Check the box and save the page
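To show what the referrer check above does and why it is only a partial mitigation, here is an added Python example (not cPanel's code): state-changing requests are allowed only when their Origin or Referer header names the trusted panel host, and the strict/lenient switch shows the case the advisory warns about, a legitimate client that sends no Referer at all. The host name and the sample requests are constructed.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "panel.example.com:2087"   # constructed, hypothetical host
STATE_CHANGING = {"POST", "PUT", "DELETE"}

def _host_of(url: str) -> str:
    """Return the host[:port] part of a URL, or '' if it cannot be parsed."""
    try:
        return urlsplit(url).netloc.lower()
    except ValueError:
        return ""

def referrer_check(method: str, headers: dict, strict: bool = False) -> bool:
    """Decide whether a request may proceed.

    Safe methods (GET/HEAD) are always allowed. For state-changing methods
    the Origin header is checked first, then Referer. A request carrying
    neither is allowed in lenient mode (what keeps older clients working)
    and rejected in strict mode, which is exactly the case the advisory
    warns 'may cause some applications to fail'.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    hdrs = {k.lower(): v for k, v in headers.items()}
    origin = hdrs.get("origin")
    if origin is not None:
        return _host_of(origin) == TRUSTED_HOST
    referer = hdrs.get("referer")
    if referer is not None:
        return _host_of(referer) == TRUSTED_HOST
    return not strict

# Constructed sample requests: a legitimate form post, a cross-site post
# from another site's page, a legitimate post whose client strips Referer,
# and a safe GET that needs no check.
SAMPLES = {
    "same_site": ("POST", {"Referer": "https://panel.example.com:2087/tweak"}),
    "cross_site": ("POST", {"Referer": "https://other.example.net/page.html"}),
    "no_referer": ("POST", {}),
    "safe_get": ("GET", {"Referer": "https://other.example.net/page.html"}),
}

def evaluate(strict: bool = False) -> dict:
    """Run every sample through the check and return name -> allowed."""
    return {n: referrer_check(m, h, strict) for n, (m, h) in SAMPLES.items()}

if __name__ == "__main__":
    for mode in (False, True):
        print("strict" if mode else "lenient", evaluate(mode))
```

The host comparison is an exact match on the whole netloc, so a referrer such as `https://panel.example.com:2087.other.example.net/` is rejected; the trade-off is that strict mode also rejects every client that omits the header.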

Do not browse to untrusted sites

Administrators can mitigate XSRF vulnerabilities in cPanel and other browser-based tools by not browsing to untrusted websites while logged into their account.

Vendor Information


cPanel Inc. Affected

Notified: April 22, 2008 Updated: April 28, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Acknowledgements

Thanks to Michael Brooks for information that was used in this report.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2008-2043
Severity Metric: 2.25
Date Public:
