CVE-2011-4850

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue allows remote attackers to obtain potentially sensitive information via script access to cookies. This is because the Control Panel does not include the HTTPOnly flag in a Set-Cookie header for a cookie, making it easier for attackers to access this cookie through scripts, as seen in cookies used by help.php and other files.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider configuring the Set-Cookie header to include the HTTPOnly flag to prevent script access to sensitive cookies.