Main Vulnerability Database Vulnerabilities #VU45

Information exposure via log files - #VU45

Published: June 28, 2016

Vulnerability identifier: #VU45

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: N/A

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor:

Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrectly set default world-readable permissions when rotating logs via cpanellogd. A remote authenticated user can gain access to potentially sensitive data.

Successful exploitation of this vulnerability may allow an attacker to read log files and obtain potentially sensitive information.

Remediation

Install the latest version 11.56.0.15, 11.54.0.24, 11.52.6.1 or 11.50.6.2.

Sources

http://news.cpanel.com/cpanel-tsr-2016-0003-full-disclosure/

Information exposure via log files - #VU45

Detailed vulnerability description

Remediation

Sources

Please verify you're human