CVE Vulnerabilities

CVE-2016-10833

Improper Authentication

Published: Aug 01, 2019 | Modified: Aug 12, 2019
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

cPanel before 55.9999.141 mishandles username-based blocking for PRE requests in cPHulkd (SEC-104).

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Cpanel Cpanel 11.50.0.4 (including) 11.50.5.2 (excluding)
Cpanel Cpanel 11.51.9999.98 (including) 11.52.4.1 (excluding)
Cpanel Cpanel 11.54.0.0 (including) 11.54.0.20 (excluding)
Cpanel Cpanel 55.9999.61 (including) 55.9999.141 (excluding)

Potential Mitigations

References