Remote Code Execution in Parallels Plesk Panel Affected by Lack of HTTPOnly Flag
CVE-2011-4738

Currently unrated

Key Information:

Vendor: Parallels

CVE Published: 16 December 2011

What is CVE-2011-4738?

The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 omits the HTTPOnly flag from the Set-Cookie header. This allows remote attackers to potentially access sensitive information through script-based access to the cookie, particularly via files such as get_password.php. Without the HTTPOnly attribute, session and other critical cookie data is readable by scripts running in the page and can be exploited, leading to unauthorized access to user accounts and system resources.

