Parallels Plesk Panel Unspecified Remote Security Vulnerability

Bugtraq ID:	52267
Class:	Unknown
CVE:	CVE-2012-1557
Remote:	Yes
Local:	No
Published:	Mar 02 2012 12:00AM
Updated:	Mar 08 2015 04:04PM
Credit:	Reported by the vendor.
Vulnerable:	Parallels Plesk Panel 8.6 Parallels Plesk Panel 7.6.1 Parallels Plesk Panel 10.3.1 Parallels Parallels Plesk Panel 9.5 Parallels Parallels Plesk Panel 9.3 Parallels Parallels Plesk Panel 10.3 Parallels Parallels Plesk Panel 10.2 Parallels Parallels Plesk Panel 10.1 Parallels Parallels Plesk Panel 10.0
Not Vulnerable:

Parallels Plesk Panel Unspecified Remote Security Vulnerability

Parallels Plesk Panel is prone to an unspecified remote security vulnerability that allows attackers to gain unauthorized administrative access to the application.

Attackers can exploit this issue to perform unauthorized actions on the affected application. Successfully exploiting this issue results in complete compromise of the application.

Limited technical details are available at this time. We will update this BID as more information emerges.

Parallels Plesk Panel versions 7.6.1 through 10.3.1 are vulnerable.

Parallels Plesk Panel Unspecified Remote Security Vulnerability

Reports indicate that this issue is being exploited in the wild.

Parallels Plesk Panel Unspecified Remote Security Vulnerability

Solution:
The vendor has released fixes. Please see the references for details.

Parallels Plesk Panel Unspecified Remote Security Vulnerability

References:

• Parallels Plesk Panel Homepage (Parallels)
  
• [FIX] Remote vulnerability in Plesk Panel (Parallels)