-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 cPanel TSR-2014-0006 Full Disclosure Case 108965 Summary Bypass of account suspension via mod_userdir. Security Rating cPanel has assigned a Security Level of Moderate to this vulnerability. Description The fix for case 101677 in TSR-2014-0005 introduced a regression in account suspensions that allowed the web content of a suspended account to be viewed normally via Apache userdir style URLs. This has been corrected so that both NameVirtualHost and userdir access to the suspended account's web content is blocked. Credits This issue was discovered by the cPanel Security Team. Solution This issue is resolved in the following builds: 11.44.1.11 11.42.1.25 11.40.1.20 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJT6Sh1AAoJEJUhvtyr2U3fksMP/1JnLegnAeXHgTeV/ov6yOo+ 6IoQxaeM977S6ZkWBk++Um9KtEtDEgN1q7rJlau3pIMIE0pJ0zsxGM3H6SmCE3GU l57zHnG3/krBk0Fqr+vwi69fV/hPFQXL6x9pCm785tFAmFZyOvPjU8L+ZVhCapO8 493hMc+PgaK2W0EXcinxWwqhYG8z4axE8pts8IKo9Dss55WgiPWf5Xp2iGg1uiwT ZUIYXz1nMwt8VsDrdw4Ndw/JdXkjzTDkTm/Fg33Ssc8KI926Ebz71luUa/7l/ANU 89uguxDMfBJHNu/lN7WLyzKy0B3f9cRXDVrL4Ga2DOu3E7lc2aYOJvgtlRdah87/ jgQYe9Sncx9ITMkWbbOksSjmXmy17+zTCZakKe4iKXmEHriIy+8Vthlwdzg+G0c2 ew3WJmzWUBB0XecPGviVzpXANeBHqcoCRohXlu5PooLEVNBMh1ehNDv6t4OJEoYo gAz+QzddjVJuGDcEvRA4LDZkvYGVyk4cB1T+7kIvfNkuGi+CMcHrByG41854hTND C/CETDMeebLNyNUqjngyFYyjBCRKuSBurr+YKge4Qyc4JXg3KjrsHXQ4b4sAr8M0 gLj2EadMoQXKS0MDeYxiK7jgb0yTRAHty5o4drEeuRqJUiEoUajWX+LVe3qKCEYj XSXXj+vU5JuGYc+vpJlU =tLwi -----END PGP SIGNATURE-----