Quick Contact
010 - 448 2290

Plesk security advice voor onze klanten

Op 05-05-2012 ontvingen wij de volgende e-mail:

SECURITY ADVISORY – PHP VULNERABILITY

Parallels Customer,

Please read this message
in its entirely and take the recommended actions.

An open source PHP security vulnerability was
identified that impacts some of Parallels products. The goal of this email is to make you aware of the situation.

NOTE: This impacts Parallels Plesk Panel for Linux versions 9.0 – 9.2.3 only.

Situation
The PHP Group and the United States Computer Emergency Readiness Team (US-CERT)
issued a vulnerability alert on 3 May that PHP-CGI-based setups contain vulnerability when parsing query string parameters
from PHP files. You can find more information at the PHP’s website. A permanent solution has not been provided by the Open
Source PHP community as of 5 pm PDT on May 4, 2012.

Impact
A
remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute
arbitrary code with the privileges of the web server.

Parallels Products Impacted

Parallels Plesk Panel for Linux versions 9.0 – 9.2.3.

Solution/Call To Action

As per the Parallels Plesk Lifecycle Policy, these versions do not provide
ongoing patch support. Having customers upgrade to the latest version of Parallels Plesk Panel will eliminate this vulnerability.

Parallels understands that it’s not always practical for immediate upgrades, so we have provided a solution to fix this
vulnerability. For the immediate solution, customers should read this knowledge base article for instructions:
http://kb.parallels.com/en/113818

Customers are also strongly encouraged to subscribe to our support e-mails by clicking here, subscribe to our RSS feed here and
add our Knowledge Base browser
plug-in here.

Parallels takes the security of our customers very seriously and encourages you to take the
recommended actions as soon as possible.

 

 

Flexservers sign up form


Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur excepteur sint occaecat cupidatat non

Flexserverslogin form