Parallels Plesk up to 9.5.4 Request /phppath/php input validation [Disputed]
News category: Vulnerabilities
Source: vuldb.com
A vulnerability classified as critical was found in Parallels Plesk up to 9.5.4 (Hosting Control Software). Affected is an unknown part of the file /phppath/php of the component Request Handler. Upgrading to version 9.5.x, 10.x or 11.x eliminates this vulnerability. It is possible to mitigate the problem by applying the configuration setting .htaccess config. The suggested best mitigation is upgrading to the latest version. The official statement by Parallels says: "All currently supported versions of Parallels Plesk Panel 9.5, 10.x and 11.x, as well as Parallels Plesk Automation, are not vulnerable. If a customer is using legacy, and a no longer supported version of Parallels Plesk Panel, they should upgrade to the latest version. For the legacy versions of Parallels Plesk Panel, we provided a suggested and unsupported workaround described in http://kb.parallels.com/en/113818." Attack attempts may be identified with Snort ID 22063. Furthermore, it is possible to detect and prevent this kind of attack with TippingPoint and the filter 12347. ...