
Overview

This document explains the security levels of advisories that we post at http://www.cpanel.net/security. These security levels apply to Targeted Security Releases before TSR-2015-0001.

Security Levels

The following table lists the security levels in order of severity:

Level: Description

Critical: A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These vulnerabilities allow automated scripts such as worms to completely compromise the system.

Important: This rating applies to vulnerabilities that allow third parties to compromise system authentication levels. These vulnerabilities occur when you allow the following:

  • Local users to elevate their privilege levels.
  • Unauthenticated remote users to access resources that should require authentication to view.
  • Remote users to execute arbitrary code, which includes any local or remote attack that could result in a denial of service.

Moderate: This rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These scenarios usually consist of a flawed or unlikely system configuration, and only occur in rare situations.

Minor: This rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, and they require extremely close timing of execution and events to occur that are out of the attacker's control. This rating also applies to vulnerabilities that, even if successful, result in few or no consequences on the system.
