Vulnerability Description
The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by help.php and certain other files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Parallels Plesk Panel | 10.4.4_build20111103.18 |
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2008 | - |
Related Weaknesses (CWE)
References
- http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_w
- http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_w
FAQ
What is CVE-2011-4850?
CVE-2011-4850 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentia...
How severe is CVE-2011-4850?
CVE-2011-4850 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-4850?
Check the references section above for vendor advisories and patch information. Affected products include: Parallels Parallels Plesk Panel, Microsoft Windows 2003 Server, Microsoft Windows Server 2008.