Parallels Plesk Panel 9.x, 10.x, 11.x - Privilege Escalation Vulnerability
Please read this message in its entirety and take the recommended actions.
Parallels Plesk Panel privilege escalation vulnerabilities have been discovered and are described in VU#310500 and CVE-2013-0132, CVE-2013-0133 (CVSS score 4.4; see Vulnerability Note VU#310500, "Plesk Panel 11.0.9 privilege escalation vulnerabilities").
This impacts Parallels Plesk Panel for Linux versions 9.x, 10.x, 11.x.
You are at risk if you have Apache web server running mod_php, mod_perl, mod_python, etc.
You are NOT at risk if you have Apache web server running FastCGI (PHP, Perl, Python, etc.) or CGI (PHP, Perl, Python, etc.).
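One way to check a host against the exposure criteria above, shown as an added example that is not part of the Parallels advisory. It classifies the output of `apachectl -M` (or `httpd -M`); the function names, the module-name pattern and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Parallels code. Reads an Apache module listing
# (`apachectl -M` / `httpd -M`) on stdin and reports in-process interpreters.

# Prints each in-process interpreter module found, one per line.
# Exit status: 0 = at least one found (at risk per the advisory), 1 = none.
# Assumption: modules are named php_module/php5_module, perl_module and
# python_module. Extend the pattern for anything else the advisory's "etc."
# would cover on your host.
find_inprocess_modules() {
    awk '
        # Listing lines look like " php5_module (shared)"; $1 is the name.
        $1 ~ /^(php[0-9]*|perl|python)_module$/ { print $1; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Human-readable verdict with the same exit status as above.
assess_exposure() {
    if mods=$(find_inprocess_modules); then
        # Unquoted on purpose: joins the module names onto one line.
        printf 'AT RISK (in-process interpreter loaded): %s\n' "$(echo $mods)"
        return 0
    fi
    echo 'No in-process interpreter module loaded'
    return 1
}

# Constructed sample listings (not captured from a real server).
SAMPLE_MODPHP='Loaded Modules:
 core_module (static)
 php5_module (shared)
 perl_module (shared)
Syntax OK'
SAMPLE_FCGI='Loaded Modules:
 core_module (static)
 fcgid_module (shared)
 suexec_module (shared)
Syntax OK'

printf '%s\n' "$SAMPLE_MODPHP" | assess_exposure || true
printf '%s\n' "$SAMPLE_FCGI"   | assess_exposure || true

# On a live host: apachectl -M 2>/dev/null | assess_exposure
```

A clean result only reflects which modules Apache has loaded at the time of the check; the security update still needs to be applied.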
Parallels has issued security updates for Parallels Plesk Panel versions 9.x-11.x. The security updates for Parallels Plesk Panel 11.x and Parallels Plesk Panel 10.4.4 will automatically appear inside your Parallels Plesk Panel control panel – please apply them as soon as possible.
The security hotfix for Parallels Plesk 9.x is available for download here: KB Parallels
Parallels understands that upgrading immediately is not always practical, so we have provided a solution to fix this vulnerability. For the immediate solution, customers should follow the instructions in this knowledge base article: KB Parallels
Parallels takes the security of our customers very seriously and encourages you to take the recommended actions as soon as possible.
Customers are also strongly encouraged to subscribe to our support e-mails by clicking here, subscribe to our RSS feed here and add our Knowledge Base browser plug-in here.