CVE-2011-4728

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build1011110331.18

Description The issue concerns the Server Administration Panel in Parallels Plesk Panel, where it fails to set the secure flag for a cookie in an https session. This makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session. The cookies used by login up.php3 and certain other files are affected.

Recommendations For Parallels Plesk Panel version 10.2.0 build1011110331.18, consider setting the secure flag for cookies manually to prevent them from being transmitted over http sessions. As a temporary workaround, restrict access to the Server Administration Panel to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.