The company says only unsupported and legacy versions are affected

Jun 7, 2013 11:01 GMT
Parallels denies that new versions of Plesk are affected by recently published vulnerability

A few days ago, a security expert using the online moniker KingCope published what appeared to be the details of a new zero-day vulnerability affecting Plesk, the popular web hosting control panel developed by Parallels. 

The hacker has told Ars Technica that the vulnerability affects even newer versions such as Plesk 9.5.4 and it can be exploited to “get a command line shell remotely with the privileges of the configured Apache user.”

However, Parallels representatives say that none of the currently supported versions – Parallels Plesk Panel 9.5, 10.x and 11.x, and Parallels Plesk Automation – are vulnerable.

In fact, they claim that the “zero-day” is simply a variation of CVE-2012-1823, an older PHP-CGI remote code execution vulnerability.

The company says users of legacy versions and versions that are no longer supported should update their installations. Alternatively, they can apply the workaround suggested by the company last year, when the vulnerability was discovered.