ID

VAR-201307-0390


CVE

CVE-2013-4878


TITLE

Parallels Plesk Panel vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2013-002926

DESCRIPTION

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. Parallels Plesk Panel contains a vulnerability that allows arbitrary code execution. On a web server running Parallels Plesk Panel, arbitrary code may be executed if the phppath aliasing issue and a problem of the same kind as CVE-2012-1823 exist simultaneously. In addition, according to CERT/CC, attacks using this problem are being carried out. Arbitrary code could be executed by a remote third party.

Trust: 1.89

sources: NVD: CVE-2013-4878 // JVNDB: JVNDB-2013-002926 // BID: 78034

AFFECTED PRODUCTS

vendor: parallels // model: small business panel // scope: eq // version: 10.0

Trust: 1.9

vendor: parallels // model: plesk panel // scope: eq // version: 9.2

Trust: 1.9

vendor: parallels // model: plesk panel // scope: eq // version: 9.0

Trust: 1.9

vendor: parallels // model: plesk panel // scope: eq // version: version 9.0 to 9.2.3 for up to linux edition

Trust: 0.8

sources: BID: 78034 // JVNDB: JVNDB-2013-002926 // CNNVD: CNNVD-201307-418 // NVD: CVE-2013-4878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4878
value: HIGH

Trust: 1.0

NVD: CVE-2013-4878
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-418
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-4878
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2013-002926 // CNNVD: CNNVD-201307-418 // NVD: CVE-2013-4878

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2013-002926 // NVD: CVE-2013-4878

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-418

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201307-418

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-002926

PATCH

title: Parallels Plesk Panel: phppath/php vulnerability // url: http://kb.parallels.com/116241

Trust: 0.8

sources: JVNDB: JVNDB-2013-002926

EXTERNAL IDS

db: CERT/CC // id: VU#673343

Trust: 2.7

db: NVD // id: CVE-2013-4878

Trust: 2.7

db: JVN // id: JVNVU90102556

Trust: 0.8

db: JVNDB // id: JVNDB-2013-002926

Trust: 0.8

db: FULLDISC // id: 20130605 PLESK APACHE ZERODAY REMOTE EXPLOIT

Trust: 0.6

db: CNNVD // id: CNNVD-201307-418

Trust: 0.6

db: BID // id: 78034

Trust: 0.3

sources: BID: 78034 // JVNDB: JVNDB-2013-002926 // CNNVD: CNNVD-201307-418 // NVD: CVE-2013-4878

REFERENCES

url:http://www.kb.cert.org/vuls/id/673343

Trust: 2.7

url:http://kb.parallels.com/116241

Trust: 1.9

url:http://seclists.org/fulldisclosure/2013/jun/21

Trust: 1.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4878

Trust: 0.8

url:http://jvn.jp/cert/jvnvu90102556/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4878

Trust: 0.8

sources: BID: 78034 // JVNDB: JVNDB-2013-002926 // CNNVD: CNNVD-201307-418 // NVD: CVE-2013-4878

CREDITS

Unknown

Trust: 0.3

sources: BID: 78034

SOURCES

db: BID // id: 78034
db: JVNDB // id: JVNDB-2013-002926
db: CNNVD // id: CNNVD-201307-418
db: NVD // id: CVE-2013-4878

LAST UPDATE DATE

2024-11-23T19:27:12.230000+00:00


SOURCES UPDATE DATE

db: BID // id: 78034 // date: 2013-07-18T00:00:00
db: JVNDB // id: JVNDB-2013-002926 // date: 2013-08-06T00:00:00
db: CNNVD // id: CNNVD-201307-418 // date: 2013-07-19T00:00:00
db: NVD // id: CVE-2013-4878 // date: 2024-11-21T01:56:37.777

SOURCES RELEASE DATE

db: BID // id: 78034 // date: 2013-07-18T00:00:00
db: JVNDB // id: JVNDB-2013-002926 // date: 2013-06-11T00:00:00
db: CNNVD // id: CNNVD-201307-418 // date: 2013-07-19T00:00:00
db: NVD // id: CVE-2013-4878 // date: 2013-07-18T16:51:56.227