Older Plesk Versions - Remote vulnerability in Plesk (CVE-2012-1557)

Refers to:

  • Plesk 10.x and below for Linux


2016-11-16 12:48:38 UTC


2017-01-31 10:04:28 UTC


Was this article helpful?

Have more questions?

Submit a request

Older Plesk Versions - Remote vulnerability in Plesk (CVE-2012-1557)


This article is created in order to provide the most explicit information in regards to a Plesk remote security vulnerability (CVE-2012-1557).

Background Information

An anonymous attacker can remotely compromise Plesk server.

Affected Versions

Plesk versions that were affected by the vulnerability:

  • Plesk for Linux / Windows 7\.x
  • Plesk for Linux / Windows 8\.x
  • Plesk for Linux / Windows 9\.x
  • Plesk for Linux / Windows 10\.0 - 10.3.1

Plesk team takes the security of our Partners very seriously and encourages you to take actions recommended below as soon as possible. Plesk team understands that it may not be plausible at this time to perform a full upgrade to the latest release of Plesk which is not affected, thus there was a set of Micro-Updates released for each major version affected which will resolve the security issue without the necessity of a system upgrade.

Server Vulnerability Check

In order to check whether your server is subjected to the security vulnerability announced previously please refer to the article that describes the script created by Plesk Developers to automate the verification procedure:

  • 113424 How to make sure if your Plesk 8.x, 9.x, 10.0, 10.1, 10.2 or 10.3 is not vulnerable

Server Vulnerability Fix

If your server is vulnerable, make sure that one of the following Micro-Updates applied immediately:

** Plesk Version** ** Windows** ** Linux**
Custom Fix Micro-Update Custom Fix Micro-Update
Plesk 8.1 [KB213414649] - [KB213924345] -
Plesk 8.2 [KB213414649] - [KB213924345] -
Plesk 8.3 [KB213414649] - [KB213924345] -
Plesk 8.4 [KB213414649] - [KB213924345] -
Plesk 8.6.0 [KB213414649] - - [8.6.0 MU#2]
Plesk 9.0 [KB213414649] - [KB213924345] -
Plesk 9.2.x [KB213414649] - [KB213924345] -
Plesk 9.3 [KB213414649] - [KB213924345] -
Plesk 9.5 [KB213414649] [9.5.5 MU#1] - [9.5.4 MU#11]
Plesk 10.0.x [KB213414649] [10.0.1 MU#13] [KB213924345] [10.0.1 MU#13]
Plesk 10.1 [KB213414649] [10.1.1 MU#22] [KB213924345] [10.1.1 MU#22]
Plesk 10.2 [KB213414649] [10.2.0 MU#16] [KB213924345] [10.2.0 MU#16]
Plesk 10.3.1 - [10.3.1 MU#5] - [10.3.1 MU#5]

The complete guide for applying Microupdates you can find on the following link:

  • 213943585 Using Microupdates in Plesk 8.6, 9.5.x, 10.x and Small Business Panel

Plesk for Virtuozzo Specific

If your Plesk installation runs inside Virtuozzo containers virtual environment, Micro-Updates or updated Virtuozzo containers templates should be installed using the following guide:

  • 213367649 How to install the latest Microupdates for Plesk to a Virtuozzo Linux container
  • 113407 New Virtuozzo containers templates for Plesk 8.6.0, 9.5, 10.0, 10.1, 10.2 Windows and regular distribution kit for Plesk 8.6.0 and 9.5.5 Windows versions with included security fixes
  • 7110 Microupdates are not applied automatically if Panel for Linux is installed inside Containers by means of Virtuozzo template

Best Practices

In order to be on a safe side we recommend that you secure your server and your customers' subscriptions by resetting passwords for all Plesk accounts using the script from Plesk Developers:


    # php -d open_basedir= -d safe_mode=0 plesk_password_changer.php `cat /etc/psa/.psa.shadow` --clean-up-sessions

If you have a Plesk 8\.x or Plesk 9\.x server we recommend to migrate it to Plesk 11 or later versions. Plesk *11 * does not have this security vulnerability.

NOTE that a migration should be performed, not an upgrade , because the migration process can be easily rolled back.

Moreover, during migration the source Plesk server continues working along with sites registered in it, while an upgrade could cause downtime of services.

Additional information

If a corresponding Micro-Update or Custom Fix was installed on your server it will fix the security issue on your server.

We hope that this information will help you to secure data on your server from the malicious attacks.

Have more questions? Submit a request
Please sign in to leave a comment.