Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4728


Vulnerability Score 5.0 5.0
CVE Id CVE-2011-4728
Last Modified 16 Feb 2012 11:10:27
Published 16 Dec 2011 06:55:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Vulnerable Systems


  • Parallels Plesk Panel 10.2.0 Build1011110331.18



XF - plesk-flag-info-disclosure(72331)

Last Updated: 27 May 2016 10:57:56