CVE-2011-4740

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.2.0 build 20110407.20

Description The issue allows remote attackers to obtain sensitive information by exploiting a "cross-domain Referer leakage" in the Control Panel. This is achieved by reading web-server access logs or web-server Referer logs in response to GET requests with query strings for certain files, such as smb/app/search-data/catalogId/marketplace.

Recommendations For Parallels Plesk Panel version 10.2.0 build 20110407.20, consider restricting access to the Control Panel to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed in web-server access logs and Referer logs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.