Symptoms
According to http://seclists.org/fulldisclosure/2013/Aug/81, it is possible for one user to create symlinks to other users' webspaces and, depending on the permissions set on webspaces, read or execute files while masking UIDs.
Cause
This is a problem in the Apache software.
Resolution
The solution is described in the following article on the CloudLinux website: http://docs.cloudlinux.com/index.html?securelinks.html
Make sure that all web servers in the Linux Shared Hosting NG web cluster are configured correctly in accordance with the instructions in the article above.