Lucene search

[email protected]CVE-2017-18424

HistoryAug 02, 2019 - 4:15 p.m.

CVE-2017-18424

2019-08-0216:15:12

CWE-200

[email protected]

web.nvd.nist.gov

cpanel

apache

http server

configuration

vulnerability

cve-2017-18424

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

In cPanel before 66.0.2, the Apache HTTP Server configuration file is changed to world-readable when rebuilt (SEC-274).

Affected configurations

NVD

Node

cpanelcpanelRange60.0.3–60.0.45

cpanelcpanelRange62.0.1–62.0.27

cpanelcpanelRange64.0.0–64.0.33

cpanelcpanelRange66.0.1–66.0.2

CPENameOperatorVersion
cpanel:cpanelcpanellt60.0.45
cpanel:cpanelcpanellt62.0.27
cpanel:cpanelcpanellt64.0.33
cpanel:cpanelcpanellt66.0.2

CPE	Name	Operator	Version
cpanel:cpanel	cpanel	lt	60.0.45
cpanel:cpanel	cpanel	lt	62.0.27
cpanel:cpanel	cpanel	lt	64.0.33
cpanel:cpanel	cpanel	lt	66.0.2

References

documentation.cpanel.net/display/CL/66+Change+Log

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2017-18424

nvd1 prion1 cvelist1