The Host Access Control feature in cPanel prior to 60.0.25 mishandles actionless host.deny entries (SEC-187).
cpanel cpanel