Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
EPSS | 0.009 Low |
Percentile | 83.2% |
cPanel contains multiple cross-site request forgery (XSRF) vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands.
cPanel, a web-based tool that is designed to automate and control web sites and servers, contains multiple cross-site request forgery (XSRF) vulnerabilities. These vulnerabilities may be triggered by a remote attacker who convinces an administrator to browse to a malicious website while logged into their cPanel account.
An attacker may be able to perform actions that only authorized administrators should be able to execute.
We are currently unaware of a practical solution to this problem.
Enable referrer checking
Referrer checking may mitigate some XSRF attacks. To enable referrer checking, follow the steps below. Note that referrer checking may cause some applications to fail.
Server configuration
Tweak Settings
Security in WebHost Manager
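
A sketch of what a strict referrer check does, added here as an illustration; it is not cPanel's code and not part of the original note. The host `whm.example.test`, the function names and the sample headers are constructed. It contrasts prefix matching with parsed-origin comparison and shows why requests that arrive without a `Referer` are rejected, which is how legitimate applications can fail.

```python
from urllib.parse import urlsplit

OWN_ORIGIN = "https://whm.example.test:2087"  # constructed host, not from the note

def origin_of(url):
    """Return (scheme, host, port) of an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname.lower(),
            port or (443 if parts.scheme == "https" else 80))

def naive_check(headers, own=OWN_ORIGIN):
    """Prefix match: the weak form, shown only for contrast."""
    return headers.get("Referer", "").startswith(own)

def strict_check(headers, own=OWN_ORIGIN):
    """Compare the parsed origin of Origin/Referer with our own origin."""
    h = {k.lower(): v for k, v in headers.items()}
    source = h.get("origin") or h.get("referer")
    if not source:
        return "deny: missing"       # also hits clients that strip Referer
    if origin_of(source) != origin_of(own):
        return "deny: cross-origin"
    return "allow"

# Constructed sample requests (header subsets only).
SAMPLES = {
    "same_site": {"Referer": OWN_ORIGIN + "/settings"},
    "other_site": {"Referer": "https://attacker.example/page.html"},
    "lookalike": {"Referer": OWN_ORIGIN + ".attacker.example/"},
    "stripped": {},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(f"{name:10} naive={naive_check(hdrs)!s:5} strict={strict_check(hdrs)}")
```

The `lookalike` sample passes the prefix match but fails the parsed comparison, and the `stripped` sample is denied by the strict check even though nothing about it is hostile.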
Do not browse to untrusted sites
584089
Notified: April 22, 2008 Updated: April 28, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | | |
Temporal | | |
Environmental | | |
Thanks to Michael Brooks for information that was used in this report.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2008-2043 |
---|---|
Severity Metric: | 2.25 |
Date Public: | |