Main Vulnerability Database Vulnerabilities #VU44

Information exposure via log files - #VU44

Published: June 28, 2016

Vulnerability identifier: #VU44

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrectly set default world-readable permissions when creating new log files via dnsadmin-startup and spamd-startup. A remote authenticated user can gain access to potentially sensitive data.

Successful exploitation of this vulnerability may allow an attacker to read log files and obtain potentially sensitive information.

Remediation

Install the latest version 11.56.0.15.

Sources

http://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/

Information exposure via log files - #VU44

Detailed vulnerability description

Remediation

Sources

Please verify you're human