PT-2011-5091 · Parallels · Parallels Plesk Small Business Panel

Published: 2011-12-16 · Updated: 2017-08-29 · CVE-2011-4761

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Parallels Plesk Small Business Panel version 10.2.0

Description

The issue is related to the omission of the Content-Type header's charset parameter for certain resources, which could allow remote attackers to have an unspecified impact. This might be achieved by leveraging an interpretation conflict involving domains/sitebuilder edit.php and certain other files. It is noted that possibly only clients, not the product itself, could be affected by this issue.

Recommendations

For Parallels Plesk Small Business Panel version 10.2.0, consider configuring the Content-Type header to include the charset parameter for the affected resources as a temporary workaround. Restrict access to the domains/sitebuilder edit.php file and other involved files to minimize the risk of exploitation.
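
One way to verify that the workaround is in place, as an added example that is not part of the original advisory or of the product: the function below flags responses whose Content-Type is a text or markup type with no charset parameter. The media-type list, the sample paths and the sample headers are constructed assumptions.

```python
from email.message import Message

# Media types a client may render as markup or script; without a charset the
# client has to guess the encoding. Assumption: this set is illustrative only.
SNIFFABLE = {
    "text/html", "text/plain", "text/xml", "text/css", "text/javascript",
    "application/xhtml+xml", "application/xml", "application/javascript",
}

def charset_finding(headers):
    """Return a finding string for one response, or None if nothing to report.

    headers is a list of (name, value) pairs as captured from the response.
    """
    msg = Message()
    for name, value in headers:
        msg[name] = value
    if msg["Content-Type"] is None:
        return "missing Content-Type"
    ctype = msg.get_content_type()          # lower-cased type/subtype
    if ctype not in SNIFFABLE:
        return None                          # binary types need no charset
    if not msg.get_param("charset"):         # absent or empty parameter
        return f"{ctype} without charset"
    return None

def audit(responses):
    """Map each flagged path to its finding; clean responses are omitted."""
    findings = {}
    for path, headers in responses:
        finding = charset_finding(headers)
        if finding:
            findings[path] = finding
    return findings

# Constructed sample responses (hypothetical paths, not taken from the product).
SAMPLE = [
    ("/a.php", [("Content-Type", "text/html")]),
    ("/b.php", [("Content-Type", "text/html; charset=UTF-8")]),
    ("/c.css", [("Content-Type", 'text/css; charset="utf-8"')]),
    ("/d.png", [("Content-Type", "image/png")]),
    ("/e.php", [("Server", "example")]),
    ("/f.php", [("Content-Type", "TEXT/HTML; Charset=")]),
]

if __name__ == "__main__":
    for path, finding in audit(SAMPLE).items():
        print(path, "->", finding)
```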

Fix


Related Identifiers

CVE-2011-4761

Affected Products

Parallels Plesk Small Business Panel