CVE-2008-6479

Name of the Vulnerable Software and Affected Versions Parallels Virtuozzo version 25.4.swsoft (build 3.0.0-25.4.swsoft)

Description A cross-site request forgery (CSRF) issue exists in the "change password" feature of the VZPP web interface, allowing remote attackers to modify passwords by using a link or IMG tag to vz/cp/pwd.

Recommendations For Parallels Virtuozzo version 25.4.swsoft (build 3.0.0-25.4.swsoft), as a temporary workaround, consider disabling the "change password" feature in the VZPP web interface until a patch is available. Restrict access to the vz/cp/pwd endpoint to minimize the risk of exploitation.