Details of VAR-201112-0221

ID

VAR-201112-0221

CVE

CVE-2011-4758

TITLE

Parallels Plesk Small Business Panel Vulnerability in which important information is obtained

Trust: 0.8

sources: JVNDB: JVNDB-2011-003445

DESCRIPTION

Parallels Plesk Small Business Panel 10.2.0 receives cleartext password input over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by forms in smb/auth and certain other files

Trust: 2.16

sources: NVD: CVE-2011-4758 // JVNDB: JVNDB-2011-003445 // CNVD: CNVD-2011-5627

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-5627

AFFECTED PRODUCTS

vendor:

parallels

model:

plesk small business panel

scope:

version:

10.2.0

Trust: 3.0

sources: CNVD: CNVD-2011-5627 // JVNDB: JVNDB-2011-003445 // CNNVD: CNNVD-201112-319 // NVD: CVE-2011-4758

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2011-4758
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2011-4758
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2011-5627
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201112-319
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2011-4758
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2011-5627
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2011-5627 // JVNDB: JVNDB-2011-003445 // CNNVD: CNNVD-201112-319 // NVD: CVE-2011-4758

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.8

sources: JVNDB: JVNDB-2011-003445 // NVD: CVE-2011-4758

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201112-319

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201112-319

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-003445

PATCH

title:

Parallels Plesk Small Business Panel

url:

http://www.parallels.com/products/small-business-panel/documentation/

Trust: 0.8

sources: JVNDB: JVNDB-2011-003445

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4758	Trust: 3.0
db:	JVNDB	id:	JVNDB-2011-003445	Trust: 0.8
db:	CNVD	id:	CNVD-2011-5627	Trust: 0.6
db:	CNNVD	id:	CNNVD-201112-319	Trust: 0.6

sources: CNVD: CNVD-2011-5627 // JVNDB: JVNDB-2011-003445 // CNNVD: CNNVD-201112-319 // NVD: CVE-2011-4758

REFERENCES

url:	http://xss.cx/examples/plesk-reports/plesk-10.2.0.html	Trust: 1.6
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4758	Trust: 1.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/72210	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4758	Trust: 0.8

sources: CNVD: CNVD-2011-5627 // JVNDB: JVNDB-2011-003445 // CNNVD: CNNVD-201112-319 // NVD: CVE-2011-4758

SOURCES

db:	CNVD	id:	CNVD-2011-5627
db:	JVNDB	id:	JVNDB-2011-003445
db:	CNNVD	id:	CNNVD-201112-319
db:	NVD	id:	CVE-2011-4758

LAST UPDATE DATE

2025-04-11T23:19:35.771000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-5627	date:	2011-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2011-003445	date:	2011-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201112-319	date:	2011-12-19T00:00:00
db:	NVD	id:	CVE-2011-4758	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-5627	date:	2011-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2011-003445	date:	2011-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201112-319	date:	2011-12-19T00:00:00
db:	NVD	id:	CVE-2011-4758	date:	2011-12-16T11:55:11.437