Content-Type Header Omission in Parallels Plesk Small Business Panel
CVE-2011-4761

Currently unrated

Key Information:

Vendor: Parallels
Status: Parallels Plesk Small Business Panel
Vendor: CVE Published:; 16 December 2011

What is CVE-2011-4761?

The omission of the charset parameter in the Content-Type header for certain resources in Parallels Plesk Small Business Panel 10.2.0 can lead to an interpretation conflict. This vulnerability may allow remote attackers to exploit certain files, particularly in the domain's /sitebuilder_edit.php, potentially leading to unauthorized actions or information leakage. This issue highlights the importance of correctly setting HTTP headers to prevent misinterpretations that could compromise web application security.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/72213

vdb-entryx_refsource_XF

http://xss.cx/examples/plesk-reports/plesk-10.2.0.html

x_refsource_MISC

Timeline

Vulnerability published
Dec 16, 2011
Vulnerability Reserved
Dec 11, 2011