Lucene search

[email protected]CVE-2004-1603

HistoryOct 18, 2004 - 4:00 a.m.

CVE-2004-1603

2004-10-1804:00:00

CWE-59

[email protected]

web.nvd.nist.gov

cpanel

local users

vulnerability

read

chown

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

CPENameOperatorVersion
cpanel:cpanelcpaneleq9.4.1

CPE	Name	Operator	Version
cpanel:cpanel	cpanel	eq	9.4.1

References

marc.info/?l=bugtraq&m=109811572123753&w=2

marc.info/?l=bugtraq&m=109811654104208&w=2

secunia.com/advisories/12865

www.securityfocus.com/bid/11449

www.securityfocus.com/bid/11455

exchange.xforce.ibmcloud.com/vulnerabilities/17779

exchange.xforce.ibmcloud.com/vulnerabilities/17780

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.0005 Low

EPSS

Percentile

15.8%

JSON