Resultados 1 a 2 de 2
  1. #1
    Super Moderador
    Data de Ingresso
    Sep 2010

    Falha de Segurança do PHP no Plesk para Linux versiões 9.0 - 9.2.3.


    Parallels Customer,

    Please read this message in its entirely and take the recommended actions.

    An open source PHP security vulnerability was identified that impacts some of Parallels products. The goal of this email is to make you aware of the situation.

    NOTE: This impacts Parallels Plesk Panel for Linux versions 9.0 - 9.2.3 only.

    The PHP Group and the United States Computer Emergency Readiness Team (US-CERT) issued a vulnerability alert on 3 May that PHP-CGI-based setups contain vulnerability when parsing query string parameters from PHP files. You can find more information at the PHP's website. A permanent solution has not been provided by the Open Source PHP community as of 5 pm PDT on May 4, 2012.

    A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.

    Parallels Products Impacted
    Parallels Plesk Panel for Linux versions 9.0 - 9.2.3.

    Solution/Call To Action
    As per the Parallels Plesk Lifecycle Policy, these versions do not provide ongoing patch support. Having customers upgrade to the latest version of Parallels Plesk Panel will eliminate this vulnerability.

    Parallels understands that it's not always practical for immediate upgrades, so we have provided a solution to fix this vulnerability. For the immediate solution, customers should read this knowledge base article for instructions: KB Parallels

    Customers are also strongly encouraged to subscribe to our support e-mails by clicking here, subscribe to our RSS feed here and add our Knowledge Base browser plug-in here.

    Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.

    Para saber como resolver acesse: KB Parallels
    Siga-nos em nosso twitter: @wht_brasil

  2. #2
    Aspirante a Evangelist
    Data de Ingresso
    Feb 2012
    Lisboa, Portugal
    Nada disto acontecia se o plesk tivesse desde sempre um sistema de actualizações a serio como o cPanel.
    Sampling Line - Serviços e Internet, Lda.
    PTServidor - Alojamento Web, Domínios, Lojas, VPS, Radios, Dedicados, Housing/Colocation
    Blog PTServidor | Registrar Oficial FCCN|MS Partner|R1Soft

Permissões de Postagem

  • Você não pode iniciar novos tópicos
  • Você não pode enviar respostas
  • Você não pode enviar anexos
  • Você não pode editar suas mensagens