
Plesk Apache Zero-Day Exploit

June 07, 2013

On Wednesday, June 5, Kingcope distributed, via the seclists.org Full Disclosure mailing list, exploit code for a previously unannounced vulnerability in the Plesk hosting control panel. The vulnerability is a web server PHP misconfiguration in the Plesk application. Information from Parallels may be found here.

Successful exploitation using the published exploit code has been found to lead to full system compromise through command injection via the PHP interpreter. The injection abuses the PHP interpreter's "allow_url_include" configuration directive, which the attacker is able to switch on by passing it as an argument.

As described by TrendMicro:

Plesk uses a default configuration, ScriptAlias /phppath/ "/usr/bin/", in Apache which directly calls the /usr/bin directory when an attacker requests /phppath.

Hence the attacker can easily exploit this vulnerability by calling the PHP interpreter with unsafe arguments as follows:

/phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on

Kingcope states that the attack has been successfully tested against Plesk versions 8.6, 9.0, 9.2, 9.3 and 9.5.4, but does note that the exploit does not work against the latest version of Plesk.

Due to the availability of the exploit code, the ease of execution and the common lack of organizational patching processes, the identified vulnerability is being exploited in the wild. According to the vendor, customers running legacy or no-longer-supported versions of Plesk should upgrade to the latest version of the application. Multiple workarounds may be found in the KB article from Parallels.

Organizations that may be impacted by this vulnerability are strongly encouraged to closely monitor their environments for change until they are able to make the changes Parallels recommends.
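As an added example (not code from the original post, Kingcope, Parallels or TrendMicro), the following Python script audits an Apache configuration for ScriptAlias directives that expose a system binary directory, as in the default described above, and scans access-log request lines for query strings that decode to interpreter command-line options rather than name=value pairs, which is the kind of change organizations are advised to monitor for. The configuration excerpt, hosts and log lines are constructed samples.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Filesystem prefixes that must never be the target of a ScriptAlias: mapping a
# URL onto one of them lets any client run the binaries inside it as CGI scripts.
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/")

SCRIPTALIAS_RE = re.compile(r'^\s*ScriptAlias\s+(\S+)\s+"?([^"\s]+)"?', re.I | re.M)
# Apache combined log format: only the request line is needed here.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/')

def find_exposed_bin_dirs(apache_conf: str) -> list:
    """Return (url_prefix, target_dir) for each ScriptAlias pointing at a system binary directory."""
    hits = []
    for m in SCRIPTALIAS_RE.finditer(apache_conf):
        url_prefix, target = m.group(1), m.group(2).rstrip("/") + "/"
        if target.startswith(SYSTEM_BIN_DIRS):
            hits.append((url_prefix, target))
    return hits

def is_cgi_arg_injection(request_target: str) -> bool:
    """True when the query string decodes to command-line style options (first token
    starts with '-') rather than ordinary name=value pairs, i.e. arguments aimed at
    an interpreter that Apache runs as a CGI program."""
    query = urlsplit(request_target).query
    tokens = unquote_plus(query).split()
    return bool(tokens) and tokens[0].startswith("-")

def flag_log_lines(access_log: str) -> list:
    """Return the request targets in an access log that look like CGI argument injection attempts."""
    return [m.group(1) for m in map(REQUEST_RE.search, access_log.splitlines())
            if m and is_cgi_arg_injection(m.group(1))]

# Constructed samples for the checks above (hypothetical hosts and traffic, not real Plesk data).
SAMPLE_CONF = """
ScriptAlias /phppath/ "/usr/bin/"
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
"""
SAMPLE_LOG = """
203.0.113.5 - - [05/Jun/2013:10:00:01 +0000] "POST /phppath/php?-d+allow_url_include=on+-d+safe_mode=off+-d+suhosin.simulation=on HTTP/1.1" 200 512
203.0.113.6 - - [05/Jun/2013:10:00:02 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    print("Exposed binary directories:", find_exposed_bin_dirs(SAMPLE_CONF))
    print("Suspicious requests:", flag_log_lines(SAMPLE_LOG))
```

The configuration check is a quick way to confirm whether the Parallels workaround has actually been applied on a host; the log check gives a simple signal for the interim monitoring recommended above.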
