CVE-2011-4729

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build1011110331.18

Description The issue concerns the Server Administration Panel in Parallels Plesk Panel, where the HTTPOnly flag is not included in a Set-Cookie header for a cookie. This omission makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. The cookies used by login up.php3 and certain other files are affected.

Recommendations For Parallels Plesk Panel version 10.2.0 build1011110331.18, consider configuring the Set-Cookie header to include the HTTPOnly flag to prevent unauthorized script access to sensitive cookies. At the moment, there is no information about a newer version that contains a fix for this vulnerability.