| Vulnerability Name: | CVE-2011-4849 (CCN-72224) | ||||||||
| Assigned: | 2011-11-20 | ||||||||
| Published: | 2011-11-20 | ||||||||
| Updated: | 2017-08-29 | ||||||||
| Summary: | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, as demonstrated by cookies used by help.php and certain other files. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N) 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Other | ||||||||
| References: | Source: MITRE Type: CNA CVE-2011-4849 Source: CCN Type: OSVDB ID: 77900 Parallels Plesk Panel Control Panel Multiple Script HTTPS Session Cookie Secure Flag Weakness Source: CCN Type: Parallels Web Site CVE-2011-4776, CVE-2011-4777, XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Parallels Plesk Panel v10.4.4_build20111103.18 os_Windows 2003/2008 Source: MISC Type: UNKNOWN http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html Source: XF Type: UNKNOWN ppp-cp-secureflag-weak-security(72224) Source: XF Type: UNKNOWN ppp-cp-secureflag-weak-security(72224) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||