CVE-2011-4848

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue allows remote attackers to obtain sensitive information by sniffing the network. This is due to the Control Panel including a submitted password within an HTTP response body. The password handling in certain files under client@1/domain@1/backup/local-repository/ is affected.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the Control Panel to minimize the risk of exploitation. Avoid using the password handling functionality in the affected files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.