Article ID: 114375, created on Jul 14, 2012, last review on May 5, 2014

  • Applies to:
  • Plesk 10.4 for Windows
  • Plesk 10.3 for Windows
  • Plesk 10.2 for Windows
  • Plesk 10.1 for Windows
  • Plesk 10.0.x for Windows
  • Plesk 9.x for Windows
  • Plesk 8.x for Windows

Resolution

This article provides fixes for the most critical vulnerabilities in older Parallels Plesk Panel versions, including 8.x, 9.0.x - 9.5.5, and 10.0.x - 10.4.4 on Windows.
Even earlier versions, such as 7.x, 6.x, etc., must be upgraded to a later version that is not vulnerable.
NOTE: These fixes are available on Parallels Plesk Panel 9.5.5 for Windows through the Micro-Update technology as of the 9.5.5 MU#5 release.

The recommended way to perform these fixes is to apply them automatically to the Parallels Plesk Panel server using the plesk_remote_vulnerability_fix_deployer script:

1. Upload the attached plesk_remote_vulnerability_fix_deployer.zip archive onto the Parallels Plesk Panel server.
2. Uncompress the archive to a temporary directory.
3. Go to the temporary directory and run the following command:
"%plesk_bin%\php" -d auto_prepend_file="" plesk_remote_vulnerability_fix_deployer.php

NOTE: To simplify a mass deployment in the Parallels Virtuozzo Containers (PVC) for Windows environment, it is recommended that you utilize the plesk_remote_vulnerability_fix_mass_deployer script:

1. Upload the attached plesk_remote_vulnerability_fix_mass_deployer.zip archive on the PVC Windows Hardware Node.
2. Uncompress the archive to a temporary directory.
3. Go to the temporary directory and run the following command:
plesk_remote_vulnerability_fix_mass_deployer.bat

Expand specific

If you have Parallels Plesk Panel 9.5.4 for Linux or 9.5.4/9.5.5 for Windows, which are managed by Parallels Expand, Parallels Plesk Panel 9.5.4 and Parallels Plesk Expand 2.3.2+ Compatibility Patch should be installed after applying the MUs or custom fixes.

 

Attachments

c45acecf540ecd42a4bbfb242ce02b1d 56797cefb1efc9130f7c48a7d1db0f0c a914db3fdc7a53ddcfd1b2db8f5a1b9c 85a92ca67f2200d36506862eaa6ed6b8 ff5a00b8ead2e480367b019417a04207 c796c01d6951fa24ed54c7f1111667c6 9e077d0ffcd7a88f7d9f0646d5e70ec5 df2db7f3302fe384002b885ca84f1a2f f2d85fccc955a226f0b30e58456170cb 54579744b69fb80c0c96c212e7a96aa0 aac4a8fcd879de03758354e15495d69a

Email subscription for changes to this article
Save as PDF