===========================================================================
AUSCERT Security Bulletin

ASB-2014.0001
A vulnerability has been identified in Parallels Plesk Panel
3 January 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Parallels Plesk Panel
Operating System:     Linux variants
                      Windows
Impact/Access:        Cross-site Request Forgery -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2013-6275
Member content until: Sunday, February 2 2014

OVERVIEW

        A vulnerability has been identified in Parallels Plesk Panel
        versions prior to 11.5.30 MU#28. [1]

IMPACT

        The vendor has provided the following information concerning the
        vulnerability:

        "The 11.5.30 MU#28 update is recommended for all PP users and
        includes general functionality fixes that improve the stability,
        compatibility, and security of your PP server.

        (Windows) PHP 5.3 has been updated to version 5.3.28.
        (Windows) PHP 5.4 has been updated to version 5.4.23.
        (Linux) The Horde webmail has been updated to version 5.1.5. In
        this version, the CVE-2013-6275 vulnerability is closed." [1]

MITIGATION

        Users should update to the latest MU# of their version of Plesk
        Panel.

REFERENCES

        [1] Parallels Plesk Panel 11.5.30 MU#28
            http://kb.parallels.com/en/119315

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================