CVE-2017-18407
MEDIUMcPanel < 60.0.48 - Improper Verification of Cryptographic Signature for Support-Agreement Download
Title source: llmDescription
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
References (2)
Core 2
Core References
Vendor Advisory
https://news.cpanel.com/cpanel-tsr-2017-0005-full-disclosure/
Product, Release Notes x_refsource_confirm
https://documentation.cpanel.net/display/CL/68+Change+Log
Scores
CVSS v3
4.8
EPSS
0.0011
EPSS Percentile
28.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-347
Status
published
Products (1)
cpanel/cpanel
59.9999.58 - 60.0.48
Published
Aug 02, 2019
Tracked Since
Feb 18, 2026