Parallels Plesk PHP-CGI Vulnerability

Please read this message in its entirety and take the recommended actions:

A security vulnerability in PHP was identified that impacts some of Parallels products. The goal of this email is to make you aware of the situation.

 

  • Situation

The PHP Group and the United States Computer Emergency Readiness Team (US-CERT) have issued a vulnerability alert on 3 May that PHP-CGI-based setups contain a vulnerability when parsing query string parameters from .php files. You can find more information at the PHP website.

  • Impact

A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

  • Parallels Products Impacted

      ◦ Parallels Operation Automation Shared Hosting and Parallels Operation Automation Shared Hosting NG modules (all versions)

      ◦ Parallels Plesk Panel for Linux versions 9.0 – 9.2.3 might be vulnerable (Plesk team is working on an update)

      ◦ Parallels H-Sphere

 

  • Solution

A temporary patch for PHP installations does exist, and Parallels is working on incorporating this patch in our products as soon as possible.

 

  • CALL TO ACTION

For an immediate solution, customers should read the following knowledge base articles for instructions:

 

 

As this article is at a preliminary stage and will be updated in the near future, please subscribe to those articles' updates via e-mail (for example by clicking here for 113814 and here for 113818). You might also want to subscribe to the RSS feed here.

 

Plesk Team

 
