Posted by Trancer on Jan 21 2010

Security Advisory for cPanel and WHM (WebHost Manager) versions 11.25.
Vulnerabilities found:

  • HTTP Response Splitting vulnerability
  • Open Redirection vulnerability

PDF format: cPanel HTTP Response Splitting Vulnerability – Security Advisory (PDF).
TXT format: cPanel HTTP Response Splitting Vulnerability – Security Advisory (TXT).

I’d like to point out the lame work of the cPanel Security Team on these vulnerabilities. Usually when I report a vulnerability, I get some kind of interaction with the vendor developers and/or the security team, and most of the time I enjoy working with the people involved. In this case, the cPanel Security Team were unresponsive. Eventually I was forced to release the security advisory even though one of the vulnerabilities (the Open Redirection vulnerability) is still unpatched.

References:
BID 37902
OSVDB 61954
exploit-db 11211


3 Responses to “cPanel HTTP Response Splitting Vulnerability”

  1. [...] cPanel HTTP Response Splitting Vulnerability – rec-sec.com A couple of security flaws in the website control panel software are revealed. [...]
