cPanel.Failurl.Header.Injection
Description
This indicates an attempt to exploit an HTTP Response Splitting vulnerability in cPanel.
This is caused by the application's failure to sanitize user-supplied input to the "failurl" parameter. A successful attack may allow a remote attacker to steal cookie-based authentication credentials and control the web content. Other attacks are also possible.
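The check below is an added example, not code from cPanel or from the signature described on this page. It flags request targets whose "failurl" parameter carries a CR or LF character, either raw or hidden behind repeated percent-encoding. The endpoint path, the sample requests and the decode-round limit are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

CRLF = re.compile(r"[\r\n]")
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def failurl_has_crlf(value: str) -> bool:
    """True if value contains CR/LF, raw or after repeated percent-decoding."""
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if CRLF.search(value):
            return True
        decoded = unquote(value)
        if decoded == value:      # nothing left to decode
            return False
        value = decoded
    return bool(CRLF.search(value))

def flag_requests(targets):
    """Return the request targets whose failurl parameter carries CR/LF."""
    hits = []
    for target in targets:
        query = urlsplit(target).query
        # parse_qsl already percent-decodes each value once
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "failurl" and failurl_has_crlf(value):
                hits.append(target)
                break
    return hits

# Constructed sample request targets (path and values are placeholders).
SAMPLE = [
    "/example-endpoint?user=a&failurl=http%3A%2F%2Fexample.test%2Ffailed",
    "/example-endpoint?user=a&failurl=x%0d%0aX-Test%3A%201",
    "/example-endpoint?failurl=x%250d%250aX-Test%3A%201",
    "/example-endpoint?next=a%0d%0ab",  # other parameter, out of scope here
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE):
        print("CR/LF in failurl:", hit)
```

The same `failurl_has_crlf` test can be used on the server side to reject a value before it is written into a response header.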
Affected Products
cPanel 11.25 build 42174
WebHost Manager 11.25 build 42174
Previous versions may also be affected.
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Information Spoofing.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://www.cpanel.net
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-02 | 16.972 |