Order VPS Hosting
Order a VPS, Semi- dedicated or Dedicated server in Dallas, London or Australia.

Get Assistance
Ask our support team about your hosting requirements.


Host where the staff takes pride in making customers happy

You make it easy for us to recommend you in good conscience, with your rapid responsiveness to problems and queries, and the effort that you put to communicating well. Keep up the great work!

- Andrew (after referring a new customer to us) (#210/330)
Home > Support > Notices > Plesk PHP vulnerability

Related Links

Notice Links:

Notice

Plesk PHP vulnerability

PostedSat, 5 May 2012 03:05 AM UTC
Last UpdateSat, 5 May 2012 03:38 AM UTC (363 weeks ago)
StatusClosed

An open source PHP security vulnerability was identified that impacts some of Parallels products.

Situation: The PHP Group and the United States Computer Emergency Readiness Team (US-CERT) issued a vulnerability alert on 3 May that PHP-CGI-based setups contain vulnerability when parsing query string parameters from PHP files. You can find more information at the PHP's website. A permanent solution has not been provided by the Open Source PHP community as of 5 pm PDT on May 4, 2012.

Impact: A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

Products Impacted: Parallels Plesk Panel for Linux versions 9.0 - 9.2.3 only

Solution: As per the Parallels Plesk Lifecycle Policy, these versions do not provide ongoing patch support. Having customers upgrade to the latest version of Parallels Plesk Panel will eliminate this vulnerability.

Parallels understands that it's not always practical for immediate upgrades, so we have provided a solution to fix this vulnerability. For the immediate solution, customers should read this knowledge base article for instructions: http://kb.parallels.com/en/113818

Most of our users with plesk 9.* should have already updated to 9.5. But if you do need any help in updating the Plesk Panel please raise a ticket at https://rimuhosting.com/ticket/startticket.jsp and we can help get that sorted for you.

#

Keep You Updated?

Log in to subscribe to changes to this notice.

Set your contact details for future notifications.