Vulnerability-Lookup

CVE-2017-18428 (GCVE-0-2017-18428)

Vulnerability from cvelistv5 – Published: 2019-08-02 15:47 – Updated: 2024-08-05 21:20

Summary

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

CNVD-2019-26002

Vulnerability from cnvd - Published: 2019-08-06

Title

cPanel信息泄露漏洞（CNVD-2019-26002）

Description

cPanel是美国cPanel公司的一套基于Web的自动化主机托管平台。该平台主要用于自动化管理网站和服务器。 cPanel 66.0.2之前版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

Severity

中

Patch Name

cPanel信息泄露漏洞（CNVD-2019-26002）的补丁

Patch Description

cPanel是美国cPanel公司的一套基于Web的自动化主机托管平台。该平台主要用于自动化管理网站和服务器。 cPanel 66.0.2之前版本中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://documentation.cpanel.net/display/CL/66+Change+Log

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-18428

Impacted products

Name
cPanel cPanel <66.0.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-18428"
    }
  },
  "description": "cPanel\u662f\u7f8e\u56fdcPanel\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eWeb\u7684\u81ea\u52a8\u5316\u4e3b\u673a\u6258\u7ba1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u81ea\u52a8\u5316\u7ba1\u7406\u7f51\u7ad9\u548c\u670d\u52a1\u5668\u3002\n\ncPanel 66.0.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002",
  "discovererName": "unKnow",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://documentation.cpanel.net/display/CL/66+Change+Log",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-26002",
  "openTime": "2019-08-06",
  "patchDescription": "cPanel\u662f\u7f8e\u56fdcPanel\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eWeb\u7684\u81ea\u52a8\u5316\u4e3b\u673a\u6258\u7ba1\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u81ea\u52a8\u5316\u7ba1\u7406\u7f51\u7ad9\u548c\u670d\u52a1\u5668\u3002\r\n\r\ncPanel 66.0.2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u8fd0\u884c\u8fc7\u7a0b\u4e2d\u5b58\u5728\u914d\u7f6e\u7b49\u9519\u8bef\u3002\u672a\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u7ec4\u4ef6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "cPanel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-26002\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "cPanel cPanel \u003c66.0.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-18428",
  "serverity": "\u4e2d",
  "submitTime": "2019-08-06",
  "title": "cPanel\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-26002\uff09"
}

GSD-2017-18428

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

Aliases

CVE-2017-18428

Aliases

CVE-2017-18428

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-18428",
    "description": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).",
    "id": "GSD-2017-18428"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-18428"
      ],
      "details": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).",
      "id": "GSD-2017-18428",
      "modified": "2023-12-13T01:21:10.909779Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-18428",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://documentation.cpanel.net/display/CL/66+Change+Log",
            "refsource": "CONFIRM",
            "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "56.0.51",
                "versionStartIncluding": "55.9999.61",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "58.0.52",
                "versionStartIncluding": "57.9999.48",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "60.0.45",
                "versionStartIncluding": "59.9999.58",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "62.0.27",
                "versionStartIncluding": "61.9999.55",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "66.0.2",
                "versionStartIncluding": "65.9999.38",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "64.0.33",
                "versionStartIncluding": "63.9999.74",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18428"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://documentation.cpanel.net/display/CL/66+Change+Log",
              "refsource": "CONFIRM",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2019-08-12T16:52Z",
      "publishedDate": "2019-08-02T16:15Z"
    }
  }
}

VAR-201908-1388

Vulnerability from variot - Updated: 2024-11-23 23:01

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201908-1388",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 2.4,
        "vendor": "cpanel",
        "version": "66.0.2"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "57.9999.48"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "61.9999.55"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "59.9999.58"
      },
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "60.0.45"
      },
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "62.0.27"
      },
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "58.0.52"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "55.9999.61"
      },
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "56.0.51"
      },
      {
        "model": "cpanel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "64.0.33"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "65.9999.38"
      },
      {
        "model": "cpanel",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "cpanel",
        "version": "63.9999.74"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:cpanel:cpanel",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      }
    ]
  },
  "cve": "CVE-2017-18428",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2017-18428",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-26002",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.0,
            "id": "CVE-2017-18428",
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-18428",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-18428",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-26002",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-224",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-18428",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "id": "VAR-201908-1388",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      }
    ]
  },
  "last_update_date": "2024-11-23T23:01:42.539000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "66 Change Log",
        "trust": 0.8,
        "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
      },
      {
        "title": "Patch for cPanel Information Disclosure Vulnerability (CNVD-2019-26002)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/173275"
      },
      {
        "title": "cPanel Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95989"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-18428"
      },
      {
        "trust": 1.6,
        "url": "https://documentation.cpanel.net/display/cl/66+change+log"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18428"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "date": "2019-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "date": "2019-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "date": "2019-08-02T16:15:12.537000",
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-06T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-26002"
      },
      {
        "date": "2019-08-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      },
      {
        "date": "2019-08-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      },
      {
        "date": "2024-11-21T03:20:05.830000",
        "db": "NVD",
        "id": "CVE-2017-18428"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cPanel Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-014650"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-224"
      }
    ],
    "trust": 0.6
  }
}

GHSA-F4HF-PPPP-2HF4

Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:30

Details

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

Severity ?

2.5 (Low)


                  
                    CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-18428"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-08-02T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).",
  "id": "GHSA-f4hf-pppp-2hf4",
  "modified": "2024-04-04T01:30:57Z",
  "published": "2022-05-24T16:52:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18428"
    },
    {
      "type": "WEB",
      "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-18428

Vulnerability from fkie_nvd - Published: 2019-08-02 16:15 - Updated: 2024-11-21 03:20

Severity ?

2.5 (Low) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290).

References

	URL	Tags
	cve@mitre.org	https://documentation.cpanel.net/display/CL/66+Change+Log	Release Notes, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://documentation.cpanel.net/display/CL/66+Change+Log	Release Notes, Vendor Advisory

Impacted products

Vendor	Product	Version
cpanel	cpanel	*
cpanel	cpanel	*
cpanel	cpanel	*
cpanel	cpanel	*
cpanel	cpanel	*
cpanel	cpanel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB86F18E-DCE6-4780-9A4D-A95E1C44AD2B",
              "versionEndExcluding": "56.0.51",
              "versionStartIncluding": "55.9999.61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1655B2-A0F5-48FD-9A8C-03129C02A2DE",
              "versionEndExcluding": "58.0.52",
              "versionStartIncluding": "57.9999.48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDBFF216-2F0A-48F8-9A4D-63179DFACD53",
              "versionEndExcluding": "60.0.45",
              "versionStartIncluding": "59.9999.58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F646E95-64DD-4F95-9CF2-DD02A8E15931",
              "versionEndExcluding": "62.0.27",
              "versionStartIncluding": "61.9999.55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64EC469B-7352-479A-B1A2-A8564B979477",
              "versionEndExcluding": "64.0.33",
              "versionStartIncluding": "63.9999.74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cpanel:cpanel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F31B57-361E-4D48-AF91-85DFA98D0011",
              "versionEndExcluding": "66.0.2",
              "versionStartIncluding": "65.9999.38",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290)."
    },
    {
      "lang": "es",
      "value": "En cPanel anterior a versi\u00f3n 66.0.2, los domlogs del Servidor HTTP de Apache se vuelven legibles por todo el mundo temporalmente durante el procesamiento de registros (SEC-290)."
    }
  ],
  "id": "CVE-2017-18428",
  "lastModified": "2024-11-21T03:20:05.830",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.5,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-02T16:15:12.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://documentation.cpanel.net/display/CL/66+Change+Log"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-18428 (GCVE-0-2017-18428)

CNVD-2019-26002

GSD-2017-18428

VAR-201908-1388

GHSA-F4HF-PPPP-2HF4

FKIE_CVE-2017-18428

Tags

Sightings

Nomenclature