This document explains the security levels of advisories that we post at http://www.cpanel.net/security. These security levels apply to Targeted Security Releases before TSR-2015-0001.
The following table lists the security levels in order of severity:
|Critical||A critical rating applies to vulnerabilities that allow remote, unauthenticated access and code execution, with no user interaction required. These vulnerabilities allow automated scripts such as worms to completely compromise the system.|
This rating applies to vulnerabilities that allow third parties to compromise system authentication levels
These vulnerabilities occur when you allow the following:
|Moderate||This rating applies to vulnerabilities that rely on unlikely scenarios in order to compromise the system. These scenarios usually consist of a flawed or unlikely system configuration, and only occur in rare situations.|
|Minor||This rating applies to vulnerabilities that do not fit into the higher categories. These vulnerabilities occur in very unlikely situations and configurations, and they require extremely close timing of execution and events to occur that are out of the attacker's control. This rating also applies to vulnerabilities that, even if successful, result in few or no consequences on the system.|