Weak Cookie Security in Parallels Plesk Panel Affects User Data
CVE-2011-4849

Currently unrated

Key Information:

Vendor: Parallels

CVE Published: 16 December 2011

What is CVE-2011-4849?

The Control Panel in Parallels Plesk Panel version 10.4.4 does not set the Secure flag on cookies during HTTPS sessions. Because of this, remote attackers can potentially capture those cookies by intercepting them when they are transmitted over unencrypted HTTP. Sensitive user data, accessible via certain files such as help.php, can be at risk, increasing exposure to theft or unauthorized access.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
