Bobcares

cPanel Self-XSS vulnerability – How do we tackle this?

by | Jan 31, 2020

 cPanel Self-XSS vulnerability affected your servers too? We can help you tackle it.

Upgrading cPanel and WHM is the best way to fight against this vulnerability.

At Bobcares, we often get requests regarding the vulnerability, as a part of our Server Management Services.

Today, let’s see how our Support Engineers deal with this.

 

What is Self-XSS?

It is an attack used to gain control of users’ web accounts. In this attack, the attacker tricks the victim to run malicious code in his web browser.

This way, the victim unknowingly exposes his web to the attacker.

What is the new Self-XSS vulnerability in WHM and cPanel?

Vulnerabilities are critical. Here is a new vulnerability in WHM and cPanel.

WHM/cPanel and its APIs allow specifying a temporary character set. And, this is for the HTTP responses.

But, most of these APIs and interfaces do not expect to have a changed character set for their responses. This non-clarity can allow an attacker to make use of victims’ browsers to parse and execute the vulnerable code.

The attacker utilizes the feature of WHM/cPanel allowing temporary character set for this.

Today, let’s discuss how our Dedicated Engineers mitigate the cPanel Self-XSS vulnerability and check whether they are safe.

 

Is my server under risk?

Yes, maybe. But, please don’t wait too long for confirming. Here is the way for checking whether your WHM and cPanel are vulnerable or not.

If the cPanel version is not the latest, then yes, your servers are at risk. Upgrading WHM/cPanel from an older version to 11.84.0.20, 11.78.0.45 or the latest closes the loop-hole for the Self-XSS vulnerability.

So, our Engineers always suggest making sure that the cPanel and WHM are upgraded for protecting your accounts from this.

We check the cPanel/WHM version in many ways.

1. By using the ‘cPanel’ command

/usr/local/cPanel/cPanel-V

2. By looking at Version file

cat/usr/local/cPanel/version

3 And from the rightmost corner of your WHM panel as shown in the below figure.

cPanel Self-XSS vulnerability

If the version is not 11.84.0.20,11.78.0.45 or the latest, we suggest upgrading it immediately as these vulnerabilities are really critical.

At Bobcares, we are getting many requests for updating the versions of WHM and cPanel these days. Upgrades naturally affect the working of the websites. Therefore, the real merit lies in upgrading the server without causing downtime.

Thus, before doing those upgrades, our Support Engineers always assess the server configuration first. It involves checking the effect of upgrades on related packages. Furthermore, we take enough backups of the server configurations.  This helps in quick recovery in case of any failures.

 

[Do you need help to upgrade WHM and cPanel versions? Our experts can help you.]

 

Conclusion

In short, we can resolve this vulnerability in WHM and cPanel by upgrading their version to 11.84.0.20,11.78.0.45 or the latest. And our Support Engineers are here for any kind of support.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.