Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

Path-Based Vulnerability with webmail during PCI scan



  • rbairwell

    You'll need to probably ask your PCI/security team if it is true vulnerability - automated scans can only do "so much".

    However, the message does say that redirects to (as I would expect on a cPanel server) and that the page does return a "200 OK" (again as I would expect). The "vulnerability" listed is that "file, directory, or directory listing was discovered on the Web server" - so when you go to do you get a directory listing as the report says or do you actually get the Webmail login page (as I would suspect). If the latter, then it's a false positive.

  • nisamudeen97


    Thank you very much for the update.  There is no file / directory listing enabled here.   It shows login page. 

  • cPRex Jurassic Moderator

    I agree that this looks like a false positive from the scanning company.


Please sign in to leave a comment.