CVE-2017-18412

Published Aug 2, 2019

Last updated 5 years ago

CVSS low 2.5

Overview

Description: cPanel before 67.9999.103 allows Apache HTTP Server log files to become world-readable because of mishandling on an account rename (SEC-296).
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 2.5
Impact score: 1.4
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: LOW

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-532

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08B24A9B-F2D3-4282-9270-0A6E3166B726",
            "versionEndExcluding": "56.0.52",
            "versionStartIncluding": "55.9999.61"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C72F220-BEF2-41F6-8312-A5DE70D2E218",
            "versionEndExcluding": "60.0.48",
            "versionStartIncluding": "59.9999.58"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6F6E962-A1DA-4B7F-9A32-1182DAA065D5",
            "versionEndExcluding": "62.0.30",
            "versionStartIncluding": "61.9999.55"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "179399A2-B445-44BF-BB64-F212CB267EB0",
            "versionEndExcluding": "64.0.40",
            "versionStartIncluding": "64.0.0"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6FDB6E8-4C9D-47B4-90AD-6022D9DD5976",
            "versionEndExcluding": "66.0.23",
            "versionStartIncluding": "65.9999.38"
          },
          {
            "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B4EC93-FA39-4633-92FD-B7CA330D3F2D",
            "versionEndExcluding": "67.9999.103",
            "versionStartIncluding": "67.9999.64"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References