Details of VAR-201908-1388

ID

VAR-201908-1388

CVE

CVE-2017-18428

TITLE

cPanel Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-014650

DESCRIPTION

In cPanel before 66.0.2, Apache HTTP Server domlogs become temporarily world-readable during log processing (SEC-290). cPanel Contains an information disclosure vulnerability.Information may be obtained. cPanel is a set of web-based automated hosting platform for cPanel. The platform is primarily used to automate the management of websites and servers. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.16

sources: NVD: CVE-2017-18428 // JVNDB: JVNDB-2017-014650 // CNVD: CNVD-2019-26002

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-26002

AFFECTED PRODUCTS

vendor:	cpanel	model:	cpanel	scope:	lt	version:	66.0.2	Trust: 2.4
vendor:	cpanel	model:	cpanel	scope:	gte	version:	57.9999.48	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	gte	version:	61.9999.55	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	gte	version:	59.9999.58	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	lt	version:	60.0.45	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	lt	version:	62.0.27	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	lt	version:	58.0.52	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	gte	version:	55.9999.61	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	lt	version:	56.0.51	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	lt	version:	64.0.33	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	gte	version:	65.9999.38	Trust: 1.0
vendor:	cpanel	model:	cpanel	scope:	gte	version:	63.9999.74	Trust: 1.0

sources: CNVD: CNVD-2019-26002 // JVNDB: JVNDB-2017-014650 // NVD: CVE-2017-18428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-18428
value:	LOW
Trust: 1.0
NVD:	CVE-2017-18428
value:	LOW
Trust: 0.8
CNVD:	CNVD-2019-26002
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201908-224
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2017-18428
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-26002
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-18428
baseSeverity:	LOW
baseScore:	2.5
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.0
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-26002 // JVNDB: JVNDB-2017-014650 // CNNVD: CNNVD-201908-224 // NVD: CVE-2017-18428

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2017-014650 // NVD: CVE-2017-18428

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-224

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-224

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014650

PATCH

title:	66 Change Log	url:	https://documentation.cpanel.net/display/CL/66+Change+Log	Trust: 0.8
title:	Patch for cPanel Information Disclosure Vulnerability (CNVD-2019-26002)	url:	https://www.cnvd.org.cn/patchInfo/show/173275	Trust: 0.6
title:	cPanel Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95989	Trust: 0.6

sources: CNVD: CNVD-2019-26002 // JVNDB: JVNDB-2017-014650 // CNNVD: CNNVD-201908-224

EXTERNAL IDS

db:	NVD	id:	CVE-2017-18428	Trust: 3.0
db:	JVNDB	id:	JVNDB-2017-014650	Trust: 0.8
db:	CNVD	id:	CNVD-2019-26002	Trust: 0.6
db:	CNNVD	id:	CNNVD-201908-224	Trust: 0.6

sources: CNVD: CNVD-2019-26002 // JVNDB: JVNDB-2017-014650 // CNNVD: CNNVD-201908-224 // NVD: CVE-2017-18428

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2017-18428	Trust: 2.0
url:	https://documentation.cpanel.net/display/cl/66+change+log	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-18428	Trust: 0.8

sources: CNVD: CNVD-2019-26002 // JVNDB: JVNDB-2017-014650 // CNNVD: CNNVD-201908-224 // NVD: CVE-2017-18428

SOURCES

db:	CNVD	id:	CNVD-2019-26002
db:	JVNDB	id:	JVNDB-2017-014650
db:	CNNVD	id:	CNNVD-201908-224
db:	NVD	id:	CVE-2017-18428

LAST UPDATE DATE

2024-11-23T23:01:42.539000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-26002	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-014650	date:	2019-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201908-224	date:	2019-08-21T00:00:00
db:	NVD	id:	CVE-2017-18428	date:	2024-11-21T03:20:05.830

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-26002	date:	2019-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2017-014650	date:	2019-08-13T00:00:00
db:	CNNVD	id:	CNNVD-201908-224	date:	2019-08-02T00:00:00
db:	NVD	id:	CVE-2017-18428	date:	2019-08-02T16:15:12.537