• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

re: Plesk installs php 4.x - which is vulnerable?

J

JVRudnick

Guest
Hello plesk support and users...

I just got a new ded server here at ThePlanet, and I ran a Vulnerabilty Report right off the bat - and found that I have more'n 8 issues all with the version of php that was installed by Plesk 8.2.

They all begin with --
Vulnerability pcsync-https (8443/tcp)
Synopsis : The remote web server uses a version of PHP that is affected by multiple flaws.
Description : According to its banner, the version of PHP installed on the remote host is older than 5.2.6.

What I then asked TP support was why did they install, via my purchased Plesk 8.2 CP, vulnerabilities...and I got the usual run-around that they install only the most stable version...which is something like php 4.x...and it was Plesk's fault as they supplied the CP installer...

Can someone here offer...who's to blame here? Why would Plesk supply a version of php that is vulnerable - and why would ThePlanet not offer support on same....

Help here someone?

???

Jim
 
so...I'm the only guy who's ever run into this vulnerability?

or .... what maybe?

Jim
 
Same problem on 8.6.0.5

I'm having the same problem with PHP4 reporting vulnerabilities.
Did you ever solve this?
 
Back
Top