CVE-2004-1603

MEDIUM

Cpanel - Symlink Following

Title source: rule

Description

cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.

References (7)

[Mailing List] http://marc.info/?l=bugtraq&m=109811572123753&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=109811654104208&w=2

[Broken Link, Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/12865

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/11449

[Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry, Vendor Advisory] http://www.securityfocus.com/bid/11455

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17779

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17780

Scores

CVSS v3 5.5

EPSS 0.0012

EPSS Percentile 31.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-59

Status draft

Affected Products (1)

cpanel/cpanel

Timeline

Published Oct 18, 2004

Tracked Since Feb 18, 2026