Situation
An unauthenticated endpoint in cpsrvd was found that could allow the insertion of arbitrary HTTP headers. This affects cPanel & WHM versions 132 and higher.
Impact
We have pushed out a patch in the following cPanel & WHM versions:
- 11.132.0.32 and higher
- 11.134.0.26 and higher
- 11.136.0.10 and higher
We have pushed out a patch in the following WP Squared version:
- 11.136.1.12 and higher
Note: All further versions of cPanel are patched for this issue as well. Please see the latest changelogs for version information of each cPanel branch:
https://docs.cpanel.net/changelogs/
Call to Action
-
Update the cPanel version on the server to one of the versions listed above. This can be done with the following:
# /scripts/upcp --force
-
Once completed, verify the cPanel version with the following to ensure the update was successful.
# /usr/local/cpanel/cpanel -V
Additional Information
Additional security incidents are resolved in this latest release as well. Please see the following for more information:
Comments
0 comments
Article is closed for comments.