ID

VAR-201112-0191


CVE

CVE-2011-4728


TITLE

Parallels Plesk Panel Information Disclosure Vulnerability

Trust: 1.6

sources: IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1 // CNVD: CNVD-2011-5652 // CNNVD: CNNVD-201112-289

DESCRIPTION

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Trust: 2.52

sources: NVD: CVE-2011-4728 // JVNDB: JVNDB-2011-003418 // CNVD: CNVD-2011-5652 // IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1

IOT TAXONOMY

category: ['ICS']; sub_category: -

Trust: 1.0

sources: IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1 // CNVD: CNVD-2011-5652

AFFECTED PRODUCTS

vendor: parallels; model: plesk panel; scope: eq; version: 10.2.0_build1011110331.18

Trust: 2.4

vendor: parallels; model: plesk panel 10.2.0 build1011110331.18; scope: -; version: -

Trust: 0.6

vendor: redhat; model: enterprise linux; scope: eq; version: 6

Trust: 0.6

vendor: parallels plesk panel; model: 10.2.0 build1011110331.18; scope: -; version: -

Trust: 0.4

sources: IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1 // CNVD: CNVD-2011-5652 // JVNDB: JVNDB-2011-003418 // CNNVD: CNNVD-201112-289 // NVD: CVE-2011-4728

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4728
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4728
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2011-5652
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201112-289
value: MEDIUM

Trust: 0.6

IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2011-4728
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5652
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1 // CNVD: CNVD-2011-5652 // JVNDB: JVNDB-2011-003418 // CNNVD: CNNVD-201112-289 // NVD: CVE-2011-4728

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2011-003418 // NVD: CVE-2011-4728

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-289

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201112-289

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003418

PATCH

title: Parallels Plesk Panel; url: http://www.parallels.com/products/plesk/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003418

EXTERNAL IDS

db: NVD; id: CVE-2011-4728

Trust: 3.4

db: CNVD; id: CNVD-2011-5652

Trust: 1.0

db: CNNVD; id: CNNVD-201112-289

Trust: 1.0

db: JVNDB; id: JVNDB-2011-003418

Trust: 0.8

db: IVD; id: 4FF0DB0C-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: IVD; id: 7D795B5E-463F-11E9-BF45-000C29342CB1

Trust: 0.2

sources: IVD: 4ff0db0c-2354-11e6-abef-000c29c66e3d // IVD: 7d795b5e-463f-11e9-bf45-000c29342cb1 // CNVD: CNVD-2011-5652 // JVNDB: JVNDB-2011-003418 // CNNVD: CNNVD-201112-289 // NVD: CVE-2011-4728

REFERENCES

url: http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html

Trust: 1.6

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/72331

Trust: 1.6

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4728

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4728

Trust: 0.8

sources: CNVD: CNVD-2011-5652 // JVNDB: JVNDB-2011-003418 // CNNVD: CNNVD-201112-289 // NVD: CVE-2011-4728

SOURCES

db: IVD; id: 4ff0db0c-2354-11e6-abef-000c29c66e3d
db: IVD; id: 7d795b5e-463f-11e9-bf45-000c29342cb1
db: CNVD; id: CNVD-2011-5652
db: JVNDB; id: JVNDB-2011-003418
db: CNNVD; id: CNNVD-201112-289
db: NVD; id: CVE-2011-4728

LAST UPDATE DATE

2024-11-23T22:31:38.314000+00:00


SOURCES UPDATE DATE

db: CNVD; id: CNVD-2011-5652; date: 2011-12-19T00:00:00
db: JVNDB; id: JVNDB-2011-003418; date: 2011-12-19T00:00:00
db: CNNVD; id: CNNVD-201112-289; date: 2019-04-23T00:00:00
db: NVD; id: CVE-2011-4728; date: 2024-11-21T01:32:52.543

SOURCES RELEASE DATE

db: IVD; id: 4ff0db0c-2354-11e6-abef-000c29c66e3d; date: 2011-12-19T00:00:00
db: IVD; id: 7d795b5e-463f-11e9-bf45-000c29342cb1; date: 2011-12-19T00:00:00
db: CNVD; id: CNVD-2011-5652; date: 2011-12-19T00:00:00
db: JVNDB; id: JVNDB-2011-003418; date: 2011-12-19T00:00:00
db: CNNVD; id: CNNVD-201112-289; date: 2011-12-19T00:00:00
db: NVD; id: CVE-2011-4728; date: 2011-12-16T11:55:07.407