Plesk Apache Zeroday Remote Exploit

Every now and then I decide to unsubscribe from the Full-Disclosure mailing list. It's not much about any disclosure any more; it is rather a place where people brag about finding XSS vulnerabilities in outdated CMSes, complain about how the PayPal Bug Bounty Program does not actually pay out, and rant in general.

And then, Kingcope makes a post.

Reportedly, the following Plesk versions are vulnerable:

  • Plesk 9.5.4
  • Plesk 9.3
  • Plesk 9.2
  • Plesk 9.0
  • Plesk 8.6

For now, the vulnerability remains unpatched. However, Plesk users who run vulnerable versions can use the mitigations for CVE-2012-1823 until a patch is released.
