Vulnerability Details : CVE-2004-1603
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
Products affected by CVE-2004-1603
- cpe:2.3:a:cpanel:cpanel:9.4.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1603
- 0.05%: Probability of exploitation activity in the next 30 days
- ~14%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST | 2024-01-26 |
CWE ids for CVE-2004-1603
- The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2004-1603
- http://marc.info/?l=bugtraq&m=109811572123753&w=2 : 'cPanel hardlink backup issue' - MARC (Mailing List)
- http://www.securityfocus.com/bid/11449 (Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry; Vendor Advisory)
- http://www.securityfocus.com/bid/11455 (Broken Link; Exploit; Patch; Third Party Advisory; VDB Entry; Vendor Advisory)
- http://marc.info/?l=bugtraq&m=109811654104208&w=2 : 'cPanel hardlink chown issue' - MARC (Mailing List)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17779 : cPanel backup could allow an attacker to view files CVE-2004-1603 Vulnerability Report (Third Party Advisory; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17780 : cPanel .htaccess modify ownership of files CVE-2004-1603 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://secunia.com/advisories/12865 : About Secunia Research | Flexera (Broken Link; Exploit; Patch; Vendor Advisory)