PT-2011-5077 · Parallels · Parallels Plesk Panel

Published

2011-12-16

Updated

2019-04-22

CVE-2011-4747

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.3.1 build1013110726.09

Description The issue allows remote attackers to defeat cryptographic protection mechanisms via a crafted CipherSuite list because the billing system does not prevent the use of weak ciphers for SSL sessions.

Recommendations For Parallels Plesk Panel version 10.3.1 build1013110726.09, consider disabling the use of weak ciphers for SSL sessions as a temporary workaround until a patch is available. Restrict access to the billing system to minimize the risk of exploitation. Avoid using weak ciphers in the CipherSuite list until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2011-4747

Affected Products

Parallels Plesk Panel

PT-2011-5077 · Parallels · Parallels Plesk Panel

CVE-2011-4747

Weakness Enumeration

Related Identifiers

Affected Products

References · 4