PT-2004-2511 · Cpanel · Cpanel

Published: 2004-10-18 · Updated: 2024-01-26 · CVE-2004-1603

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

cPanel version 9.4.1-RELEASE-64

Description

The issue allows local users to read arbitrary files via the backup feature or chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. This is due to the software following hard links.

Recommendations

For cPanel version 9.4.1-RELEASE-64, consider restricting access to the backup feature and limiting modifications to the .htaccess file to minimize the risk of exploitation. As a temporary workaround, consider disabling Front Page extensions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
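
The weakness class described above (a privileged job acting on a name inside a user's directory that is really a second hard link to another file) is usually closed by validating the opened inode before reading or changing it. The sketch below is an added example, not cPanel code; `open_user_file`, `UnsafeFile` and the temporary file layout are hypothetical names and constructed data.

```python
import os
import stat
import tempfile


class UnsafeFile(Exception):
    """Raised when a user-supplied path must not be touched by a privileged job."""


def open_user_file(path, expected_uid):
    """Open path read-only, refusing symlinks, hard links and foreign owners."""
    # O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK avoids
    # hanging on a FIFO planted in the user's directory.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # check the inode we actually opened, not the name
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeFile("not a regular file")
        if st.st_uid != expected_uid:
            raise UnsafeFile("owner mismatch")
        if st.st_nlink != 1:
            raise UnsafeFile("hard-linked")
    except Exception:
        os.close(fd)
        raise
    return fd


def demo():
    """Constructed layout: one normal file, one hard link to a file outside home."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        os.mkdir(home)
        secret = os.path.join(root, "secret.txt")
        for p, text in ((secret, "outside"), (os.path.join(home, "notes.txt"), "mine")):
            with open(p, "w") as f:
                f.write(text)
        os.link(secret, os.path.join(home, "backup-me"))  # second name, same inode
        for name in sorted(os.listdir(home)):
            try:
                os.close(open_user_file(os.path.join(home, name), os.getuid()))
                results[name] = "ok"
            except UnsafeFile as exc:
                results[name] = str(exc)
    return results


if __name__ == "__main__":
    print(demo())
```

In the demo both files share one owner, so the link count is what trips the check; for a file owned by another account the owner comparison rejects it first. On Linux, the `fs.protected_hardlinks` sysctl additionally prevents users from creating hard links to files they neither own nor can read and write.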

Exploit

Link Following

Weakness Enumeration

Related Identifiers

CVE-2004-1603

Affected Products

Cpanel