ID

VAR-201112-0243


CVE

CVE-2011-4849


TITLE

Vulnerability in the Control Panel of Parallels Plesk Panel that allows cookies to be captured

Trust: 0.8

sources: JVNDB: JVNDB-2011-003459

DESCRIPTION

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files.

Trust: 1.62

sources: NVD: CVE-2011-4849 // JVNDB: JVNDB-2011-003459

AFFECTED PRODUCTS

vendor: parallels, model: plesk panel, scope: eq, version: 10.4.4_build20111103.18

Trust: 2.4

sources: JVNDB: JVNDB-2011-003459 // CNNVD: CNNVD-201112-334 // NVD: CVE-2011-4849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4849
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-4849
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201112-334
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2011-4849
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2011-003459 // CNNVD: CNNVD-201112-334 // NVD: CVE-2011-4849

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2011-003459 // NVD: CVE-2011-4849

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-334

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201112-334

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003459

PATCH

title: Parallels Plesk Panel, url: http://www.parallels.com/products/plesk/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003459

EXTERNAL IDS

db: NVD, id: CVE-2011-4849

Trust: 2.4

db: JVNDB, id: JVNDB-2011-003459

Trust: 0.8

db: CNNVD, id: CNNVD-201112-334

Trust: 0.6

sources: JVNDB: JVNDB-2011-003459 // CNNVD: CNNVD-201112-334 // NVD: CVE-2011-4849

REFERENCES

url:http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/72224

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4849

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4849

Trust: 0.8

sources: JVNDB: JVNDB-2011-003459 // CNNVD: CNNVD-201112-334 // NVD: CVE-2011-4849

SOURCES

db: JVNDB, id: JVNDB-2011-003459
db: CNNVD, id: CNNVD-201112-334
db: NVD, id: CVE-2011-4849

LAST UPDATE DATE

2024-11-23T22:27:34.943000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2011-003459, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-334, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4849, date: 2024-11-21T01:33:06.680

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2011-003459, date: 2011-12-20T00:00:00
db: CNNVD, id: CNNVD-201112-334, date: 2011-12-19T00:00:00
db: NVD, id: CVE-2011-4849, date: 2011-12-16T11:55:12.813