
cPanel Security Advisory: CVE-2009-2275

Summary
Updated builds of cPanel 11.24.4 that fix a security issue are available for users of EDGE, CURRENT, RELEASE and STABLE.

Security Rating
This update has been rated as having a trivial security impact by the cPanel Security team.

Description
The Latest Visitors interface (/frontend/x3/stats/lastvisit.html) displays the last few entries from the access_log of a selected domain owned by an account. Due to improper handling of user input, an authenticated user could use a carefully crafted URL to view the contents of world-readable files on the system.
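
The kind of input handling a log viewer like this needs, as an added example that is not cPanel's code or its actual fix (the advisory does not disclose the affected parameter or the patch). The function names, the access_logs directory and the example.test domains are assumptions, and the directory layout is constructed for the demonstration.

```python
import os
import tempfile
from collections import deque
from pathlib import Path


def resolve_access_log(log_dir, owned_domains, requested):
    """Map a requested domain to its log file, or raise ValueError."""
    # 1. Exact-match allowlist: the value must be a domain this account owns.
    if requested not in owned_domains:
        raise ValueError("domain not owned by this account")
    base = Path(log_dir).resolve()
    # 2. Resolve symlinks, then confirm the file still sits directly in log_dir.
    target = (base / requested).resolve()
    if target.parent != base or not target.is_file():
        raise ValueError("log path escapes the log directory")
    return target


def last_entries(path, count=10):
    """Return the last `count` lines of an already validated log path."""
    with open(path, "r", errors="replace") as fh:
        return [line.rstrip("\n") for line in deque(fh, maxlen=count)]


def demo():
    """Run the checks against a constructed directory layout."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        logs = Path(tmp, "access_logs")  # hypothetical per-domain log directory
        logs.mkdir()
        (logs / "example.test").write_text("GET /a 200\nGET /b 404\n")
        outside = Path(tmp, "world_readable.txt")  # stands in for any readable file
        outside.write_text("not a log\n")
        # A link named like an owned domain but pointing outside log_dir.
        os.symlink(outside, logs / "alias.example.test")
        owned = {"example.test", "alias.example.test"}
        cases = {"owned": "example.test", "relative": "../world_readable.txt",
                 "absolute": str(outside), "symlink": "alias.example.test"}
        for label, value in cases.items():
            try:
                out[label] = last_entries(resolve_access_log(logs, owned, value), 1)
            except ValueError as exc:
                out[label] = f"rejected: {exc}"
    return out


if __name__ == "__main__":
    print(demo())
```

The allowlist alone stops values that are not owned domains; the resolved-path check covers the case where an allowed name is a link to a file elsewhere on the system.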

Solution
cPanel users should update to 11.24.4 build 36912 or higher, which contains a fix for this issue.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2275