CVE-2011-4759

Name of the Vulnerable Software and Affected Versions Parallels Plesk Small Business Panel version 10.2.0

Description The issue allows remote attackers to obtain sensitive information by reading web-server access logs or web-server Referer logs, related to a "cross-domain Referer leakage" issue. This occurs when the software generates web pages containing external links in response to GET requests with query strings for certain files, such as client@1/domain@1/hosting/file-manager/.

Recommendations For Parallels Plesk Small Business Panel version 10.2.0, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, restrict access to the file-manager module to minimize the risk of sensitive information leakage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.