Content-Type Header Manipulation in Parallels Plesk Panel 10.2.0
CVE-2011-4733

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4733?

The Server Administration Panel in Parallels Plesk Panel version 10.2.0_build1011110331.18 is subject to a vulnerability that involves the transmission of incorrect Content-Type headers. This misconfiguration may allow remote attackers to exploit an interpretation conflict, specifically when dealing with resources such as smb/admin-home/disable-featured-applications-promo. While the nature of the impact is not clearly defined, it is essential for users to be cautious as client-side implications may arise due to this issue. Thus, ensuring proper configuration and monitoring of header outputs is recommended.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72326

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011