Main Vulnerability Database SB2017030304

SB2017030304 - Open redirect in cPanel

Published: March 3, 2017 Updated: July 23, 2020

Security Bulletin ID SB2017030304

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Open redirect (CVE-ID: CVE-2017-5614)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.

Remediation

Install update from vendor's website.

References

http://www.openwall.com/lists/oss-security/2017/01/28/8
http://www.securityfocus.com/bid/95870
https://news.cpanel.com/tsr-2017-0001-full-disclosure/