[FIX] Older Plesk Versions - Remote vulnerability in Plesk (CVE-2012-1557)

Article ID: 113321, created on Feb 15, 2012, last review on Oct 25, 2015

  • Plesk 12.0 for Linux


This article provides detailed information about a remote security vulnerability in Plesk (CVE-2012-1557).

Background Information

An anonymous attacker can remotely compromise a Plesk server.

Affected Versions

Plesk versions that were affected by the vulnerability:

  • Plesk for Linux / Windows 7.x
  • Plesk for Linux / Windows 8.x
  • Plesk for Linux / Windows 9.x
  • Plesk for Linux / Windows 10.0 - 10.3.1

Odin takes the security of our Partners very seriously and encourages you to take the actions recommended below as soon as possible. Odin understands that it may not be feasible at this time to perform a full upgrade to the latest release of Plesk 11, which is not affected, so a set of Micro-Updates has been released for each affected major version. These resolve the security issue without requiring a system upgrade.

Server Vulnerability Check

To check whether your server is affected by this security vulnerability, refer to the article describing the script that the Plesk Service Team created to automate the verification procedure:

  • 113424 How to make sure if your Plesk 8.x, 9.x, 10.0, 10.1, 10.2 or 10.3 is not vulnerable

Server Vulnerability Fix

If your server is vulnerable, make sure that one of the following Micro-Updates is applied immediately:

| Plesk Version | Windows: Custom Fix | Windows: Micro-Update | Linux: Custom Fix | Linux: Micro-Update |
|---|---|---|---|---|
| Plesk 8.1 | KB112303 | - | KB113313 | - |
| Plesk 8.2 | KB112303 | - | KB113313 | - |
| Plesk 8.3 | KB112303 | - | KB113313 | - |
| Plesk 8.4 | KB112303 | - | KB113313 | - |
| Plesk 8.6.0 | KB112303 | - | - | 8.6.0 MU#2 |
| Plesk 9.0 | KB112303 | - | KB113313 | - |
| Plesk 9.2.x | KB112303 | - | KB113313 | - |
| Plesk 9.3 | KB112303 | - | KB113313 | - |
| Plesk 9.5 | KB112303 | 9.5.5 MU#1 | - | 9.5.4 MU#11 |
| Plesk 10.0.x | KB112303 | 10.0.1 MU#13 | KB113313 | 10.0.1 MU#13 |
| Plesk 10.1 | KB112303 | 10.1.1 MU#22 | KB113313 | 10.1.1 MU#22 |
| Plesk 10.2 | KB112303 | 10.2.0 MU#16 | KB113313 | 10.2.0 MU#16 |
| Plesk 10.3.1 | - | 10.3.1 MU#5 | - | 10.3.1 MU#5 |

The complete guide to applying Micro-Updates is available in the following article:

  • 9294 Using Microupdates in Plesk 8.6, 9.5.x, 10.x and Small Business Panel

Plesk for Virtuozzo Specific

If your Plesk installation runs inside a Virtuozzo containers virtual environment, Micro-Updates or updated Virtuozzo containers templates should be installed using the following guides:

  • 113441 How to install the latest Microupdates for Plesk to a Virtuozzo Linux container
  • 113407 New Virtuozzo containers templates for Plesk 8.6.0, 9.5, 10.0, 10.1, 10.2 Windows and regular distribution kit for Plesk 8.6.0 and 9.5.5 Windows versions with included security fixes
  • 7110 Microupdates are not applied automatically if Panel for Linux is installed inside Containers by means of Virtuozzo template

Best Practices

To be on the safe side, we recommend that you secure your server and your customers' subscriptions by resetting the passwords for all Plesk accounts using the script from the Plesk Service Team:

  • 113391 Plesk Mass Password Reset Script


    # php -d open_basedir= -d safe_mode=0 plesk_password_changer.php `cat /etc/psa/.psa.shadow` --clean-up-sessions

If you have a Plesk 8.x or Plesk 9.x server, we recommend migrating it to Plesk 11. *Plesk 11 does not have this security vulnerability.* Note that a migration should be performed, not an upgrade, because the migration process can be easily rolled back. Moreover, during migration the source Parallels Plesk Panel server continues working along with the sites registered in it, while an upgrade could cause downtime of services.

Additional information

If the corresponding Micro-Update or Custom Fix has been installed on your server, it fixes the security issue on that server.

We hope that this information will help you to secure the data on your server from malicious attacks.
