Vulnerability Details : CVE-2013-4878
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
Vulnerability category: Execute code
Products affected by CVE-2013-4878
- cpe:2.3:a:parallels:parallels_plesk_panel:9.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:parallels:parallels_plesk_panel:9.2:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
- cpe:2.3:a:parallels:parallels_small_business_panel:10.0:*:*:*:*:*:*:* (when used together with: Linux » Linux Kernel)
Exploit prediction scoring system (EPSS) score for CVE-2013-4878
36.38%: Probability of exploitation activity in the next 30 days
~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-4878
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2013-4878
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4878
- http://seclists.org/fulldisclosure/2013/Jun/21
  Full Disclosure: Plesk Apache Zeroday Remote Exploit
- http://kb.parallels.com/116241
  KB Parallels (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/673343
  VU#673343 - Parallels Plesk Panel phppath/php vulnerability (US Government Resource)