Lumension® Endpoint Intelligence Center

Vulnerability Score: 5.0
CVE Id: CVE-2011-4738
Last Modified: 16 Feb 2012 11:10:29
Published: 16 Dec 2011 06:55:10
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by get_password.php and certain other files.

Vulnerable Systems


  • Parallels Plesk Panel 10.2.0 Build20110407.20



XF - plesk-httponly-info-disc(72321)

Last Updated: 27 May 2016 10:57:56