Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-4728
Last Modified: 16 Feb 2012 11:10:27
Published: 16 Dec 2011 06:55:07
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-4728

Summary

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by login_up.php3 and certain other files.

Vulnerable Systems

Application

  • Parallels Plesk Panel 10.2.0 Build1011110331.18


References

MISC - http://xss.cx/examples/plesk-reports/plesk-redhat-el6-psa-10.2.0-build-1011110331.18-xss-sqli-cwe79-cwe89-javascript-injection-exception-example-poc-report-paros-burp-suite-pro-1.4.1.html

XF - plesk-flag-info-disclosure(72331)


Last Updated: 27 May 2016 10:57:56