// For flags

CVE-2011-4759

 

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Parallels Plesk Small Business Panel 10.2.0 generates web pages containing external links in response to GET requests with query strings for client@1/domain@1/hosting/file-manager/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.

Parallels Plesk Small Business Panel 10.2.0 genera páginas web que contienen enlaces externos en respuesta a peticiones GET con peticiones de búsqueda de "client@1/domain@1/hosting/file-manager/" y otros archivos determinados, lo que facilita a atacantes remotos obtener información confidencial leyendo (1) los logs de acceso o (2) Referer del servidor web, relacionado con una filtración de Referer entre dominios.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-12-11 CVE Reserved
  • 2011-12-16 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Parallels
Search vendor "Parallels"
 Parallels Plesk Small Business Panel
Search vendor "Parallels" for product "Parallels Plesk Small Business Panel"
 10.2.0
Search vendor "Parallels" for product "Parallels Plesk Small Business Panel" and version "10.2.0"
-
Affected