Executive Summary
| Summary | |
|---|---|
| Title | cPanel XSRF vulnerabilities |

| Information | | | |
|---|---|---|---|
| Name | VU#584089 | First vendor Publication | 2008-04-30 |
| Vendor | VU-CERT | Last vendor Modification | 2008-05-13 |
| Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
| CVSS vector: N/A | | | |
|---|---|---|---|
| Overall CVSS Score | NA | | |
| Base Score | NA | Environmental Score | NA |
| Impact Subscore | NA | Temporal Score | NA |
| Exploitability Subscore | NA | | |
Security-Database Scoring CVSS v2
| CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) | | | |
|---|---|---|---|
| CVSS Base Score | 4.3 | Attack Range | Network |
| CVSS Impact Score | 2.9 | Attack Complexity | Medium |
| CVSS Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#584089: cPanel XSRF vulnerabilities

Overview

cPanel contains multiple cross-site request forgery (XSRF) vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands.

I. Description

cPanel is a web-based tool that is designed to automate and control web sites and servers.

cPanel contains multiple cross-site request forgery (XSRF) vulnerabilities. These vulnerabilities may be triggered by a remote attacker who convinces an administrator to browse to a malicious web site while logged into their cPanel account.

Enable referrer checking

Do not browse to untrusted sites

Administrators can mitigate XSRF vulnerabilities in cPanel and other browser-based tools by not browsing to untrusted websites while logged into their account.

Systems Affected
References
Thanks to Michael Brooks for information that was used in this report. This document was written by Ryan Giobbi.
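One way to implement the "Enable referrer checking" mitigation the note names, as an added example that is not part of the CERT note or of cPanel's own code: the host name cpanel.example.net and the sample requests are constructed, and the request paths are those from the OSVDB entries below.

```python
# Added example (not from the CERT note or cPanel): a strict Origin/Referer check
# of the kind "Enable referrer checking" refers to. A forged cross-site request
# carries the victim's session cookie but an Origin/Referer of the foreign page,
# or none at all, so a state-changing request is refused unless that header
# proves it came from the panel's own host.
from urllib.parse import urlsplit

PANEL_HOST = "cpanel.example.net"          # hypothetical panel host, assumed here
STATE_CHANGING = {"POST", "PUT", "DELETE"}  # safe methods (GET/HEAD) are left alone


def _host_of(url: str) -> str:
    """Lower-cased host[:port] of a URL; '' if the value has no host part."""
    return urlsplit(url).netloc.lower()


def referrer_check(method: str, headers: dict, panel_host: str = PANEL_HOST) -> bool:
    """Allow safe methods; allow state-changing ones only if same-origin.

    Origin is preferred when present, otherwise Referer. A state-changing
    request with neither header is rejected: a missing header cannot prove
    the request was issued by one of the panel's own pages.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    lower = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        value = lower.get(name)
        if value:
            return _host_of(value) == panel_host.lower()
    return False


# Constructed sample requests against the paths listed in the OSVDB entries.
SAMPLE_REQUESTS = [
    # Legitimate submission from the panel's own form.
    ("POST", "/frontend/x2/sql/adduser.html",
     {"Origin": "https://cpanel.example.net", "Cookie": "cpsession=sample"}),
    # Cross-site submission: the session cookie rides along, Origin is foreign.
    ("POST", "/frontend/x2/ftp/doaddftp.html",
     {"Origin": "https://other.invalid", "Cookie": "cpsession=sample"}),
    # Cross-site submission with Referer suppressed: no proof of origin.
    ("POST", "/frontend/x2/cron/editcronsimple.html", {"Cookie": "cpsession=sample"}),
    # Plain navigation is not state-changing.
    ("GET", "/frontend/x2/sql/adddb.html", {}),
]


def evaluate(requests=SAMPLE_REQUESTS) -> list:
    """Return (path, allowed) per request; returns [.., True, False, False, True]."""
    return [(path, referrer_check(m, h)) for m, path, h in requests]


if __name__ == "__main__":
    for path, allowed in evaluate():
        print(f"{'allow' if allowed else 'deny':5} {path}")
```

Comparing the host component rather than a string prefix matters: a Referer of `https://other.invalid/cpanel.example.net` or `https://cpanel.example.net.other.invalid/` is rejected.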
Original Source
URL: http://www.kb.cert.org/vuls/id/584089
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-352 | Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | | 2 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 44848 | cPanel frontend/x2/ftp/doaddftp.html command1 Parameter CSRF |
| 44847 | cPanel frontend/x2/sql/adduser.html command1 Parameter CSRF |
| 44846 | cPanel frontend/x2/sql/adddb.html command1 Parameter CSRF |
| 44845 | cPanel frontend/x2/cron/editcronsimple.html command1 Parameter CSRF |