virus logo Intrusion Prevention

cPanel.Failurl.Header.Injection

description-logoDescription

This indicates an attempt to exploit an HTTP Response Splitting vulnerability in cPanel.
This is caused by the application's failure to sanitize user supplied input to the "failurl" parameter. A successful attack may allow a remote attacker to steal cookie-based authentication credentials and control the web content. Other attacks are also possible.

affected-products-logoAffected Products

cPanel 11.25 build 42174
WebHost Manager 11.25 build 42174
Previous versions may also be affected.

Impact logoImpact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Information Spoofing.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
http://www.cpanel.net

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-02 16.972
ID 26978
Created Jul 04, 2011
Updated Dec 01, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Windows, Linux, BSD, Solaris, MacOS
Affected App PHP_app