Vulnerability Description
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parallels | Parallels Plesk Panel | 9.0 |
| Parallels | Parallels Small Business Panel | 10.0 |
| Linux | Linux Kernel | All versions |
Related Weaknesses (CWE)
References
- http://kb.parallels.com/116241Vendor Advisory
- http://seclists.org/fulldisclosure/2013/Jun/21
- http://www.kb.cert.org/vuls/id/673343US Government Resource
- http://kb.parallels.com/116241Vendor Advisory
- http://seclists.org/fulldisclosure/2013/Jun/21
- http://www.kb.cert.org/vuls/id/673343US Government Resource
FAQ
What is CVE-2013-4878?
CVE-2013-4878 is a vulnerability with a CVSS score of 7.5 (HIGH). The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote a...
How severe is CVE-2013-4878?
CVE-2013-4878 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4878?
Check the references section above for vendor advisories and patch information. Affected products include: Parallels Parallels Plesk Panel, Parallels Parallels Small Business Panel, Linux Linux Kernel.