CVE-2011-4856

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue involves the Control Panel in Parallels Plesk Panel sending incorrect Content-Type headers for certain resources. This could potentially allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. It is noted that only clients, not the Plesk product itself, might be affected by this issue.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the admin/health/parameters endpoint and other affected resources until a fix is available. Additionally, review the Content-Type headers sent by the Control Panel to ensure they are correctly set for all resources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.