ID

VAR-201112-0199


CVE

CVE-2011-4736


TITLE

Vulnerability in the Control Panel of Parallels Plesk Panel that allows sensitive information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2011-003426

DESCRIPTION

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in login_up.php3 and certain other files.

Trust: 2.52

sources: NVD: CVE-2011-4736 // JVNDB: JVNDB-2011-003426 // CNVD: CNVD-2011-5647 // IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1 // IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1 // IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5647

AFFECTED PRODUCTS

vendor: parallels, model: plesk panel, scope: eq, version: 10.2.0_build20110407.20

Trust: 1.6

vendor: parallels, model: plesk panel, scope: eq, version: 10.2.0 build 20110407.20

Trust: 0.8

vendor: parallels, model: plesk panel 10.3.1 build1013110726.09, scope: -, version: -

Trust: 0.6

vendor: redhat, model: enterprise linux, scope: eq, version: 6

Trust: 0.6

vendor: parallels plesk panel, model: 10.2.0 build20110407.20, scope: -, version: -

Trust: 0.4

sources: IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1 // IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5647 // JVNDB: JVNDB-2011-003426 // CNNVD: CNNVD-201112-297 // NVD: CVE-2011-4736

CVSS

SEVERITY

nvd@nist.gov: CVE-2011-4736
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4736
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2011-5647
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201112-297
value: MEDIUM

Trust: 0.6

IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CVSSV2

nvd@nist.gov: CVE-2011-4736
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2011-5647
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1 // IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5647 // JVNDB: JVNDB-2011-003426 // CNNVD: CNNVD-201112-297 // NVD: CVE-2011-4736

PROBLEMTYPE DATA

problemtype: CWE-310

Trust: 1.8

sources: JVNDB: JVNDB-2011-003426 // NVD: CVE-2011-4736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-297

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201112-297

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003426

PATCH

title: Parallels Plesk Panel, url: http://www.parallels.com/products/plesk/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003426

EXTERNAL IDS

db: NVD, id: CVE-2011-4736

Trust: 3.4

db: CNVD, id: CNVD-2011-5647

Trust: 1.0

db: CNNVD, id: CNNVD-201112-297

Trust: 1.0

db: JVNDB, id: JVNDB-2011-003426

Trust: 0.8

db: IVD, id: 7D7786A1-463F-11E9-B8C0-000C29342CB1

Trust: 0.2

db: IVD, id: 4FC2E260-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 7d7786a1-463f-11e9-b8c0-000c29342cb1 // IVD: 4fc2e260-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2011-5647 // JVNDB: JVNDB-2011-003426 // CNNVD: CNNVD-201112-297 // NVD: CVE-2011-4736

REFERENCES

url: http://xss.cx/examples/plesk-reports/xss-reflected-cross-site-scripting-cwe79-capec86-plesk-parallels-control-panel-version-20110407.20.html

Trust: 1.6

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/72323

Trust: 1.6

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4736

Trust: 1.4

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4736

Trust: 0.8

sources: CNVD: CNVD-2011-5647 // JVNDB: JVNDB-2011-003426 // CNNVD: CNNVD-201112-297 // NVD: CVE-2011-4736

SOURCES

db: IVD, id: 7d7786a1-463f-11e9-b8c0-000c29342cb1
db: IVD, id: 4fc2e260-2354-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2011-5647
db: JVNDB, id: JVNDB-2011-003426
db: CNNVD, id: CNNVD-201112-297
db: NVD, id: CVE-2011-4736

LAST UPDATE DATE

2024-11-23T22:14:09.740000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2011-5647, date: 2011-12-19T00:00:00
db: JVNDB, id: JVNDB-2011-003426, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-297, date: 2019-04-23T00:00:00
db: NVD, id: CVE-2011-4736, date: 2024-11-21T01:32:53.710

SOURCES RELEASE DATE

db: IVD, id: 7d7786a1-463f-11e9-b8c0-000c29342cb1, date: 2011-12-19T00:00:00
db: IVD, id: 4fc2e260-2354-11e6-abef-000c29c66e3d, date: 2011-12-19T00:00:00
db: CNVD, id: CNVD-2011-5647, date: 2011-12-19T00:00:00
db: JVNDB, id: JVNDB-2011-003426, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-297, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4736, date: 2011-12-16T11:55:09.953