CVE-2011-4852

Name of the Vulnerable Software and Affected Versions Parallels Plesk Panel version 10.4.4 build20111103.18

Description The issue allows remote attackers to obtain sensitive information by exploiting a "cross-domain Referer leakage" in the Control Panel. This is achieved by reading web-server access logs or web-server Referer logs in response to GET requests with query strings for certain files, such as enterprise/mobile-monitor/.

Recommendations For Parallels Plesk Panel version 10.4.4 build20111103.18, consider restricting access to the Control Panel to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed in web-server access logs and Referer logs until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.