exploitDog

CVE-2011-4729

Опубликовано: 16 дек. 2011

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:parallels:parallels_plesk_panel:10.2.0_build1011110331.18:*:*:*:*:*:*:*

Одно из

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.0025

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x449-g4qr-7p6q

github

больше 3 лет назад

The Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, as demonstrated by cookies used by login_up.php3 and certain other files.

EPSS

Процентиль: 48%

0.0025

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other