CVE-2004-1603

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/11449	Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/11455	Exploit Patch Vendor Advisory
http://secunia.com/advisories/12865	Exploit Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=109811654104208&w=2
http://marc.info/?l=bugtraq&m=109811572123753&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/17780
https://exchange.xforce.ibmcloud.com/vulnerabilities/17779

Configurations

Configuration 1 (hide)

cpe:2.3:a:cpanel:cpanel:9.4.1_r64:*:*:*:*:*:*:*

Information

Published : 2004-10-17 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-1603

Mitre link : CVE-2004-1603

JSON object : View

CWE

NVD-CWE-Other

Products Affected

cpanel

cpanel

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11449", "name": "11449", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/11455", "name": "11455", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/12865", "name": "12865", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=109811654104208&w=2", "name": "20041018 cPanel hardlink chown issue", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=109811572123753&w=2", "name": "20041018 cPanel hardlink backup issue", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17780", "name": "cpanel-htaccess-modify-ownership(17780)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17779", "name": "cpanel-backup-view-file(17779)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1603", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-10-18T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cpanel:cpanel:9.4.1_r64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}

5.0 /10