{"id":718,"date":"2016-01-21T09:26:16","date_gmt":"2016-01-21T09:26:16","guid":{"rendered":"https:\/\/www.gigapros.com\/blog\/?p=718"},"modified":"2022-10-29T03:00:08","modified_gmt":"2022-10-29T03:00:08","slug":"cpanel-tsr-2016-0001","status":"publish","type":"post","link":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/","title":{"rendered":"cPanel TSR-2016-0001"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>On January 18, 2016, <a href=\"http:\/\/news.cpanel.com\/cpanel-tsr-2016-0001-announcement\/\" target=\"_blank\" rel=\"nofollow noopener\">cPanel announced <\/a>that it had discovered vulnerabilities affecting all current versions of its control panel software. At the time of the announcement, cPanel issued a Targeted Security Release for each software tier, which the company said addresses 20 vulnerabilities in cPanel and WHM.<\/p>\n<p>Because the issues were discovered internally by cPanel, and cPanel does not believe that there are any exploits of the vulnerabilities in the wild, they are not yet releasing any additional information on the exact nature of the issues. The company will allow sufficient time for potentially vulnerable servers to be updated before providing additional information.<\/p>\n<h2>Impact<\/h2>\n<ul>\n<ul>\n<li>All servers running a version of cPanel\/WHM lower than the versions indicated below <strong>are affected<\/strong>. All servers running a version of cPanel\/WHM equal to or greater than those below <strong>are not affected<\/strong>:\n<ul>\n<li><strong>54.0.4<\/strong> (WHM 54.0 build 4) on the CURRENT and EDGE Tiers<\/li>\n<li><strong>11.52.2.4<\/strong> (WHM 11.52.2 build 4) on the STABLE and RELEASE Tiers<\/li>\n<li><strong>11.50.4.3<\/strong> (WHM 11.50.4 build 3) and <strong>11.48.5.2<\/strong> (WHM 11.48.5 build 2) on the Long-Term Support (LTS) Tiers<\/li>\n<\/ul>\n<\/li>\n<li>There are no known \u201cin the wild\u201d exploits of the cPanel vulnerabilities at this time.<\/li>\n<li>cPanel\u2019s regular update process automatically will download and apply the appropriate new software version for your chosen tier, addressing all known vulnerabilities.<\/li>\n<\/ul>\n<\/ul>\n<h2 style=\"padding-top: 10px;\">Summary<\/h2>\n<p>If your cPanel server is configured to automatically check for updates, no action is required on your part, and the patch automatically will be applied at the server\u2019s next check. If you have disabled automatic updates, you can follow the instructions in our tutorial, <a href=\"https:\/\/www.gigapros.com\/blog\/how-to-upgrade-and-patch-cpanel-whm\/\" target=\"_blank\" rel=\"noopener\">How To Upgrade and Patch cPanel<\/a> to manually update cPanel. If you require any assistance, please contact <a href=\"https:\/\/www.gigapros.com\/portal\/support-center\/\" target=\"_blank\" rel=\"noopener\">GigaPros Support<\/a>.<\/p>\n<h2 style=\"padding-top: 10px;\">Is Your Server Affected?<\/h2>\n<p>To determine whether your cPanel server already has had the patch applied, you need only to log into WebHost Manager and check the version number, which is located at the top-center of every page in WHM:<\/p>\n<p><a href=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-719\" src=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion-300x19.png\" alt=\"cpanelversion\" width=\"300\" height=\"19\" srcset=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion-300x19.png 300w, https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion.png 1011w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>In this example, on a server set to the CURRENT release tier, you can see that the cPanel\/WHM version is <strong>54.0.4 (54.0 build 4)<\/strong>, and thus is not vulnerable. If you are on a different release tier (LTS, STABLE, RELEASE, or EDGE), you will need to check your version against the list above.<\/p>\n<div class=\"note\">Note: cPanel dropped the \u201c11\u201d from its cPanel\/WHM version number beginning with 54 (which would have been 11.54). You still may see the current version referred to as both \u201c54\u201d and \u201c11.54\u201d in different places in the cPanel\/WHM interface as the change in version numbering populates throughout the user interface.<\/div>\n<h2>Resolution<\/h2>\n<p>The latest version of cPanel, 54.0.4 (54.0 build 4), is patched against the vulnerability. An upgrade to the current release version of cPanel\/WHM will address the vulnerabilities and resolve the issues discovered by cPanel.<\/p>\n<p>To upgrade, follow the instructions in our tutorial, How To Upgrade and Patch cPanel. If you require any assistance in verifying your current version or manually updating cPanel, please contact Support.<\/p>\n<p>To check or change your current cPanel release tier, or ensure that automatic updates are enabled, click on \u201cUpdate Preferences\u201d in WHM\u2019s left menu:<\/p>\n<p><a href=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/tiers.png\"><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-medium wp-image-720\" src=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/tiers-300x250.png\" alt=\"tiers\" width=\"300\" height=\"250\" srcset=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/tiers-300x250.png 300w, https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/tiers.png 841w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>After changing any settings, click the \u201cSave\u201d button at the bottom of the page to apply them.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview On January 18, 2016, cPanel announced that it had discovered vulnerabilities affecting all current versions of its control panel software. At the time of the announcement, cPanel issued a Targeted Security Release for each software tier, which the company said addresses 20 vulnerabilities in cPanel and WHM. Because the issues were discovered internally by<\/p>\n","protected":false},"author":62,"featured_media":719,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>cPanel TSR-2016-0001<\/title>\n<meta name=\"description\" content=\"cPanel vulnarability update TSR-2016-0001\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"cPanel TSR-2016-0001\" \/>\n<meta property=\"og:description\" content=\"cPanel vulnarability update TSR-2016-0001\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/\" \/>\n<meta property=\"og:site_name\" content=\"GigaPros Blog\" \/>\n<meta property=\"article:published_time\" content=\"2016-01-21T09:26:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-10-29T03:00:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1011\" \/>\n\t<meta property=\"og:image:height\" content=\"65\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Andy S.\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andy S.\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/\",\"url\":\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/\",\"name\":\"cPanel TSR-2016-0001\",\"isPartOf\":{\"@id\":\"https:\/\/www.gigapros.com\/blog\/#website\"},\"datePublished\":\"2016-01-21T09:26:16+00:00\",\"dateModified\":\"2022-10-29T03:00:08+00:00\",\"author\":{\"@id\":\"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/11a4e496a4d98537d17e2496bae3a1ed\"},\"description\":\"cPanel vulnarability update TSR-2016-0001\",\"breadcrumb\":{\"@id\":\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.gigapros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"cPanel TSR-2016-0001\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.gigapros.com\/blog\/#website\",\"url\":\"https:\/\/www.gigapros.com\/blog\/\",\"name\":\"GigaPros Blog\",\"description\":\"Latest News and Alerts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.gigapros.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/11a4e496a4d98537d17e2496bae3a1ed\",\"name\":\"Andy S.\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9bbef65ca691b3bc72e86284f0ac1f46?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9bbef65ca691b3bc72e86284f0ac1f46?s=96&d=mm&r=g\",\"caption\":\"Andy S.\"},\"url\":\"https:\/\/www.gigapros.com\/blog\/author\/abhisheks\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"cPanel TSR-2016-0001","description":"cPanel vulnarability update TSR-2016-0001","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/","og_locale":"en_US","og_type":"article","og_title":"cPanel TSR-2016-0001","og_description":"cPanel vulnarability update TSR-2016-0001","og_url":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/","og_site_name":"GigaPros Blog","article_published_time":"2016-01-21T09:26:16+00:00","article_modified_time":"2022-10-29T03:00:08+00:00","og_image":[{"width":1011,"height":65,"url":"https:\/\/www.gigapros.com\/blog\/wp-content\/uploads\/2016\/01\/cpanelversion.png","type":"image\/png"}],"author":"Andy S.","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Andy S.","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/","url":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/","name":"cPanel TSR-2016-0001","isPartOf":{"@id":"https:\/\/www.gigapros.com\/blog\/#website"},"datePublished":"2016-01-21T09:26:16+00:00","dateModified":"2022-10-29T03:00:08+00:00","author":{"@id":"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/11a4e496a4d98537d17e2496bae3a1ed"},"description":"cPanel vulnarability update TSR-2016-0001","breadcrumb":{"@id":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.gigapros.com\/blog\/cpanel-tsr-2016-0001\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.gigapros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"cPanel TSR-2016-0001"}]},{"@type":"WebSite","@id":"https:\/\/www.gigapros.com\/blog\/#website","url":"https:\/\/www.gigapros.com\/blog\/","name":"GigaPros Blog","description":"Latest News and Alerts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gigapros.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/11a4e496a4d98537d17e2496bae3a1ed","name":"Andy S.","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.gigapros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9bbef65ca691b3bc72e86284f0ac1f46?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9bbef65ca691b3bc72e86284f0ac1f46?s=96&d=mm&r=g","caption":"Andy S."},"url":"https:\/\/www.gigapros.com\/blog\/author\/abhisheks\/"}]}},"_links":{"self":[{"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/posts\/718"}],"collection":[{"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/users\/62"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/comments?post=718"}],"version-history":[{"count":10,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/posts\/718\/revisions"}],"predecessor-version":[{"id":862,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/posts\/718\/revisions\/862"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/media\/719"}],"wp:attachment":[{"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/media?parent=718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/categories?post=718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gigapros.com\/blog\/wp-json\/wp\/v2\/tags?post=718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}