CVE-2011-4738

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue allows remote attackers to obtain potentially sensitive information via script access to cookies. This is because the Control Panel in the affected software does not include the HTTPOnly flag in a Set-Cookie header for a cookie. The cookies used by get password.php and certain other files are affected.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider configuring the software to include the HTTPOnly flag in Set-Cookie headers to prevent unauthorized script access to sensitive cookies. As a temporary workaround, restrict access to the affected files, such as get password.php, to minimize the risk of exploitation.