CVE-2011-4855

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue is related to the Control Panel in Parallels Plesk Panel, where the Content-Type header's charset parameter is omitted for certain resources. This could potentially allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving certain files, such as admin/customer-service-plan/list/reset-search/true/. It is noted that this issue might only affect clients, rather than the Plesk product itself.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the affected resources, such as the admin/customer-service-plan/list/reset-search/true/ endpoint, until a fix is available. As a temporary workaround, ensure that clients properly handle the omitted charset parameter in the Content-Type header to minimize potential impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.