Article ID: 112399, created on Sep 28, 2011, last review on Aug 12, 2014

  • Applies to:
  • Virtuozzo containers for Linux 4.7
  • Virtuozzo containers for Linux 4.6
  • Virtuozzo containers for Linux 4.0
  • Virtual Automation 4.6


Parallels Virtuozzo Containers for Linux and Parallels Virtual Automation Management Node use Apache as a web server for providing Offline Management and PVA Control Center functionality.
These products are also affected by CVE-2011-3192 .

The issue is fixed in PVA 4.6-1777. 


If your Parallels virtualization product allows an upgrade to 4.6-1777, then it is suggested that you upgrade to that version (for both PVA Agent and PVA Management Nodes).

For more information, refer to this article:
112297 Parallels Virtual Automation 4.6 builds, releases, and supported virtualization products

If your virtualization product is not supported by PVA 4.6-1777, it is possible to apply a workaround.

For PVA Agent (on Parallels Server Bare Metal or Parallels Virtuozzo Containers server), edit /etc/opt/pva/pp/plugins/httpd/httpd22.conf  and  /etc/opt/pva/pp/plugins/httpd/httpd22.conf.template  files and add the highlighted line:
Listen 4643
TraceEnable off
RequestHeader unset Range


For PVA Management Node edit /etc/opt/pva/cc/plugins/httpd/httpd22.conf and /etc/opt/pva/cc/plugins/httpd/httpd22.conf.template files and add the highlighted line:
Listen 4648
TraceEnable off
RequestHeader unset Range


0c05f0c76fec3dd785e9feafce1099a9 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 36627b12981f68a16405a79233409a5e 35c16f1fded8e42577cb3df16429c57a d16a8794b3bdb3f66571d469e71906a9 319940068c5fa20655215d590b7be29b 2897d76d56d2010f4e3a28f864d69223

Email subscription for changes to this article
Save as PDF