CVE-2011-4743

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue is related to the Control Panel in Parallels Plesk Panel, which omits the Content-Type header's charset parameter for certain resources. This might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/user/create and certain other files. It is possible that only clients, not the Plesk product, could be affected by this issue.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the vulnerable resources until a fix is available. As a temporary workaround, avoid using the smb/user/create endpoint and certain other files that may be affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.