CVE-2011-4849

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue concerns the Control Panel in Parallels Plesk Panel, which fails to set the secure flag for a cookie in an https session. This oversight makes it easier for remote attackers to capture the cookie by intercepting its transmission within an http session. The vulnerability is demonstrated by cookies used by help.php and certain other files.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider setting the secure flag for cookies manually to prevent them from being transmitted over insecure connections until a patch is available. As a temporary workaround, restrict access to help.php and other affected files to minimize the risk of exploitation.