PT-2011-5145 · Parallels · Parallels Plesk Panel

Published: 2011-12-16 · Updated: 2017-08-29 · CVE-2011-4854

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Parallels Plesk Panel version 10.4.4 build20111103.18

Description

The issue is related to the Control Panel in Parallels Plesk Panel, where it does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements. This might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get enabled product icon program. It is possible that only clients, not the Plesk product, could be affected by this issue.

Recommendations

For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the get enabled product icon program as a temporary workaround until a patch is available. Additionally, ensure proper configuration of Content-Type HTTP headers to match the corresponding Content-Type data in HTML META elements.
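
The consistency check recommended above can be automated. The following Python sketch is an added example, not part of the original advisory or of Parallels' code: it compares a response's Content-Type header with the Content-Type declared in its HTML META elements and reports any disagreement. The function names and the sample responses are constructed for illustration.

```python
from html.parser import HTMLParser

def parse_content_type(value):
    """Split 'text/html; charset=UTF-8' into ('text/html', 'utf-8')."""
    media, _, params = value.partition(";")
    charset = None
    for param in params.split(";"):
        name, _, val = param.partition("=")
        if name.strip().lower() == "charset":
            charset = val.strip().strip("\"'").lower() or None
    return media.strip().lower(), charset

class MetaContentType(HTMLParser):
    """Collects (media_type, charset) pairs declared by META elements."""
    def __init__(self):
        super().__init__()
        self.declared = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("http-equiv", "").lower() == "content-type":
            self.declared.append(parse_content_type(a.get("content", "")))
        elif a.get("charset"):  # HTML5 short form: <meta charset="...">
            self.declared.append((None, a["charset"].strip().lower()))

def content_type_conflicts(header_value, body):
    """Return findings where the HTTP header and META elements disagree."""
    if not header_value:
        return ["no Content-Type header; the client must guess or trust META"]
    h_media, h_charset = parse_content_type(header_value)
    scanner = MetaContentType()
    scanner.feed(body.decode("latin-1"))  # byte-transparent, never raises
    findings = []
    for m_media, m_charset in scanner.declared:
        if m_media and m_media != h_media:
            findings.append(f"media type: header {h_media!r} vs META {m_media!r}")
        if m_charset and m_charset != h_charset:
            findings.append(f"charset: header {h_charset!r} vs META {m_charset!r}")
    return findings

# Constructed sample responses (not captured from Plesk).
SAMPLES = [
    ("text/html; charset=UTF-8", b'<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'),
    ("text/html; charset=ISO-8859-1", b'<meta charset="utf-8">'),
]
if __name__ == "__main__":
    for header, body in SAMPLES:
        print(header, "->", content_type_conflicts(header, body) or "consistent")
```

Run it over the headers and bodies returned by each Control Panel endpoint; an empty list means the header and the META declarations agree.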

Fix


Related Identifiers

CVE-2011-4854

Affected Products

Parallels Plesk Panel