Search Engine: Elastic

Article ID: 2326, created on Oct 29, 2007, last review on Apr 26, 2014

  • Applies to:
  • Pro Control Panel Linux


View Knowledge
Knowledge ID 1058
Product : WEBppliance for Linux
Version : 3.5.20
Topic : FAQ

Remote restart of webppliance vulnerability

Remote restart of webppliance vulnerability



This problem is applicable to the LS version of WEBppliance Pro or Basic, not LH.  You have an LS WEBppliance Pro/Basic if you have the following rpm installed:


You can determine this by running the following command: rpm -qa | grep ensim-appliance

WEBppliance Pro/Basic 3.5.20-20 or less has a vulnerability that allows any remote attacker to restart the WEBppliance Administration GUI.  This does not affect the server or any of its services.  This bug will be fixed in an upcoming security errata.

You can prevent this problem manually by adding a RewriteRule to the webppliance apache configuration.   Do this the following way:

  1. Create a file to contain the rewrite rule


  2. Add the the following lines:

    RewriteEngine on
    RedirectMatch ^/webhost/rollout/view_setupC?$ https://IPADDRESS:19638/webhost/rollout/

    Replace IPADDRESS with the IP address of your server.  For example ''

  3. Restart webppliance

    service webppliance restart


Notes: Workaround suggested by "Mouse"


Related Knowledge

Related Links
Last ModifiedUsageSatisfiedLast Used
8/20/2004 12:48:08 PM53 10/11/2007 5:59:44 AM

4cc899da08664637a8bc437308d3ddd7 3ccb419cf98083f3bb45808fba8dbc7c 6311ae17c1ee52b36e68aaf4ad066387

Email subscription for changes to this article
Save as PDF