In case you couldn’t attend yesterday’s webinar, we’ve made a recording of it available to you. The slides are also linked below. Enjoy!
An HTTP response splitting vulnerability was discovered in versions of cPanel prior to 11.25.0 Build 42174. This vulnerability has been addressed and corrected. An open redirection vulnerability was also discovered in 11.25.0 builds prior to 43786; it has also been corrected.
This update has been rated as having a moderate security impact by the cPanel Security team.
The HTTP response splitting vulnerability was discovered in the use of the ‘failurl’ parameter of the cPanel login page. No validation was performed on the contents of this parameter. This could allow a malicious user to control the HTTP response header and subsequently perform an attack involving HTTP header injection, such as manipulation of cookies or XSS.
Further, system administrators were given no control over the content of the ‘failurl’ parameter, which allowed a user to use a vulnerable cPanel server as an Open Redirection server.
The HTTP Response Splitting vulnerabilities were addressed in versions 11.25.0 builds 42174 and above and the Open Redirection vulnerability was addressed in versions 11.25.0 builds 43786 and above.
The ‘failurl’ parameter is not used in the default cPanel UI. Custom login pages and forms used by third parties do make use of this parameter. Beginning in cPanel 11.25.0 Build 43786 only ‘failurl’ values whitelisted by the system administrator will be processed by cPanel.
Originally reported by Moshe Ben Abu (Trancer) of Recognize-Security.
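The two fixes described above, sketched as an added example (this is not cPanel's code): a ‘failurl’ value is dropped if it contains CR, LF or any other control character, and is only honoured when it appears on an administrator-maintained list. The function names, the exact-match rule, the fallback path and the example.com URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist; the advisory says the system administrator maintains it.
ALLOWED_FAILURLS = {
    "https://portal.example.com/login-failed",
    "https://billing.example.net/auth/error",
}


def has_header_breaking_chars(value):
    """True if the value contains CR, LF or any other ASCII control character."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def validate_failurl(value, allowed=ALLOWED_FAILURLS):
    """Return the URL to redirect to, or None if the value must be ignored."""
    if not value or has_header_breaking_chars(value):
        return None  # response splitting: CR/LF must never reach a header
    try:
        parts = urlsplit(value)
    except ValueError:
        return None  # malformed URL
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    # Open redirection: exact match against the allowlist (assumed matching
    # rule; the advisory does not say how cPanel compares values).
    return value if value in allowed else None


def login_failure_response(failurl, default="/login/?failed=1"):
    """Build the redirect headers, falling back to a fixed local page."""
    target = validate_failurl(failurl) or default
    return [("Status", "302 Found"), ("Location", target)]


def count_header_lines(headers):
    """Serialise headers as they would go on the wire and count the lines."""
    raw = "".join(f"{name}: {value}\r\n" for name, value in headers)
    return len(raw.split("\r\n")) - 1


if __name__ == "__main__":
    # Constructed inputs: one listed URL, one unlisted, one carrying CRLF.
    for sample in ("https://portal.example.com/login-failed",
                   "https://unlisted.example.org/",
                   "https://portal.example.com/login-failed\r\nX-Injected: 1"):
        print(repr(sample), "->", login_failure_response(sample))
```

`count_header_lines` is there to make the response splitting visible: an unvalidated value containing CRLF serialises to more header lines than were passed in, while the validated response always has exactly two.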
Quarterly Roadmap Webinar
Date: July 28, 2010
Time: 9am CDT (GMT -500)
This webinar is scheduled to last two hours, with the first hour being presentation and the second hour being allocated to answer your questions. Registration for this free webinar is required, but takes less than 5 minutes.
You can register at: http://go.cpanel.net/2010q3
Products and Features
cPanel has been busy on a wide array of projects. By attending this webinar, you will gain a better understanding of new features and products to become available in the next few months.
Enkompass 1.0 will be released this quarter. During this webinar, we will discuss where you can acquire Enkompass and explore its licensing options. We will also look at the latest changes and additions made to Enkompass for its 1.0 release.
Our team of *nix developers has been working hard on cPanel/WHM version 11.25.2. We will discuss the new functionality that will be part of 11.25.2 and explore new pre-release resources that are available for your staff.
cPanel Conference 2010- Automation Bootcamp
The cPanel Conference team has been busy working with industry influencers to plan this year’s cPanel Conference. We’ll let you know which influencers are attending, provide you with session topics currently in development, and highlight other benefits of attending cPanel Conference 2010- Automation Bootcamp.
Register for this webinar at: http://go.cpanel.net/2010q3
As always, we’ve made a recording of our latest webinar. It’s available below for your viewing pleasure. We’ve also included the slides from the presentation here:
Resellers & Branding
Veeple Interactive Video
The cPanel team wanted to issue a friendly reminder that registration is indeed open and in full swing. If you’ve already registered for cPanel Conference 2010, then you’re in good company! If you’ve not yet registered or had some problems during the registration process please give it another try. This year’s conference promises to fill up and will definitely be one to remember.
We’ll be adding more sessions & activities as time progresses so be sure to register early before the event sells out.
More info can be found here.
Registration can be found here.
This is a very common question on the cPanel forums. Many times ‘XYZ’ is adding a particular DNS zone or creating a MySQL database. In this blog post, we’ll go through the basics of script hooks and make a post hook that utilizes the XML-API to achieve ‘XYZ.’
Houston, TX–May 24, 2010–VPS.NET, CloudLinux, Platinum Server Management, and Attracta are the newest exhibitors at cPanel Conference 2010–Automation Bootcamp.
This year’s cPanel Conference will focus on teaching attendees various strategies and tactics to successfully compete on the web hosting battlefield. The purpose behind Automation Bootcamp is to immerse individuals into a setting that provides them with an engaging, hands-on learning experience.
cPanel’s Vice President of Operations, Aaron Phillips, said the Conference will be educational, as well as provide a great mix of business opportunities.
“Within minutes of announcing Automation Bootcamp, four exhibitors signed up to participate in this event,” Phillips said. “I am excited that VPS.NET, CloudLinux, Platinum Server Management, and Attracta will experience the cPanel Conference, and we look forward to introducing both their companies and products to the attendees.”
We will focus on branding and reselling to assist you in customizing our software to better promote your company and/or brand.
During this webinar, the cPanel team will discuss:
- The Branding Editor
- Customized branding, beyond the Branding Editor
- Mass deployment of custom branding
- A Review of Resellers and how they benefit server administrators
Who should attend this webinar?
Anyone and everyone who has an interest in learning about the branding and reselling process should attend.
System administrators and hosting resellers, who have the most opportunity to use the branding capabilities, will benefit the most.
This webinar can be enjoyed by those with anywhere from no technical experience to those eager to perform tasks via the command line.
When: June 16, 2010 at 9:00AM CST
Register at: http://bit.ly/a1chCQ
The website launched Saturday, and exhibitor packages are already moving quickly. Visit http://conference.cpanel.net/ today to secure your exhibitor and/or sponsor package. We are expecting to sell out quickly this year!
We would like to welcome our newest exhibitors to cPanel Conference 2010-Automation Bootcamp:
- VPS.net (General package)
- Attracta (Major package)
- Cloud Linux (Captain package)
- Platinum Server Management (Lieutenant package)
You may also request an exhibitor and/or sponsor package by contacting your account manager or via email@example.com.
cPanel Conference 2010 website is now live! We’ll be adding lots of great content as we go. Head on over, and check it out, and register.