Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2011-4851
HistoryDec 16, 2011 - 11:55 a.m.

CVE-2011-4851

2011-12-1611:55:13
CWE-255
mitre
web.nvd.nist.gov
28
parallels plesk
panel 10.4.4
autocomplete
bypass
cve-2011-4851
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.005

Percentile

77.4%

JSON

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files.

Affected configurations

Nvd
Node
parallelsparallels_plesk_panelMatch10.4.4_build20111103.18
AND
microsoftwindows_2003_server
OR
microsoftwindows_server_2008Match-
VendorProductVersionCPE
parallelsparallels_plesk_panel10.4.4_build20111103.18cpe:2.3:a:parallels:parallels_plesk_panel:10.4.4_build20111103.18:*:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:*:*:*:*

Related

cvelist 1
nvd 1
prion 1
cvelist
cvelist
CVE-2011-4851
2011-12-16 11:00:00
nvd
nvd
CVE-2011-4851
2011-12-16 11:55:13
prion
prion
Authentication flaw
2011-12-16 11:55:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.005

Percentile

77.4%

JSON
Related for CVE-2011-4851
cvelist1nvd1prion1