Server Security Scan Alert - OpenSSH

If you have hired a third party to perform a security scan of your website, they may have identified the following as unpatched server issues affecting your account.  

CVE: 2017-15906
CVE: 2018-15919

Both of these are issues are related to OpenSSH as provided by CentOS/RedHat.  The first thing is to assure all clients on a cpanel server that these are not security issues that affect you, or the server.  Firstly here is an official answer from Cpanel in regards to this.

The first thing to note is that cPanel have actually patched this issue in the first instance, and in the second instance it is marked as a false positive and Red Hat have advised it as "Will not fix."

Additionally, SSH is not an available service for clients on our shared cpanel servers.

https://www.wtqhosting.com/image/cpanel-ticket.png

 

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What is hotlink protection?

Hotlink protection is disabling external use of your resources. For instance, if your website has...

How do I configure hotlink protection?

Login to cPanel. Locate and click on the "Hotlink Protection" icon within the "Security"...

How do I block an IP address from accessing my site?

If you wish to ban a user from accessing your website in any way, the best way to do this is to...

How do I password protect a directory?

Login to cPanel. Locate and click on the "Password Protect Directories" icon under the...

What Ports are Open on this Server?

There are a number of security services now that scan websites and give advise about 'best...