Lucene search

K
cve
Cve@mitre.orgCVE-2013-4878
HistoryJul 18, 2013 - 4:51 p.m.

CVE-2013-4878

2013-07-1816:51:00
CWE-264
cve@mitre.org
web.nvd.nist.gov
55
In Wild
cve-2013-4878
parallels plesk panel
unix
small business panel
scriptalias directive
phppath
remote code execution

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.6%

The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.

How to protect your server from attacks?

9.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.038 Low

EPSS

Percentile

91.6%

Related for CVE-2013-4878