mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
115 lines
4.0 KiB
JSON
115 lines
4.0 KiB
JSON
{
|
|
"id": "CVE-2011-4852",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2011-12-16T11:55:13.220",
|
|
"lastModified": "2024-11-21T01:33:07.110",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates web pages containing external links in response to GET requests with query strings for enterprise/mobile-monitor/ and certain other files, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a \"cross-domain Referer leakage\" issue."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "El panel de control de Parallels Plesk Panel 10.4.4_build20111103.18 genera p\u00e1ginas web que contienen enlaces externos en respuesta a peticiones GET con cadenas de b\u00fasqueda \"enterprise/mobile-monitor/\" y otros archivos determinados, lo que facilita a atacantes remotos obtener informaci\u00f3n confidencial leyendo (1) logs de acceso al servidor web o (2) logs Referer. Relacionado con un problema de p\u00e9rdida de Referer entre dominios."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:parallels:parallels_plesk_panel:10.4.4_build20111103.18:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "185B0C7F-D05F-4552-8A40-CFA4761A5306"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "60EC86B8-5C8C-4873-B364-FB1F8EFE1CFF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "32623D48-7000-4C7D-823F-7D2A9841D88C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72095",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://xss.cx/kb/parallels/xss-parallelspleskpanel.v10.4.4_build20111103.18-os_windows-2003-2008-reflected-cross-site-scripting-cwe79-capec86-javascript-injection-example-poc-report.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72095",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |