• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.

TRACE/TRACK XSS Vulnerability Plesk Patch

G

GARMTECH

Guest
TRACE/TRACK XSS Vulnerability Plesk Patch
Patching vhost.conf, vhost_ssl.conf files and skeleton tree.
(http://www.kb.cert.org/vuls/id/867593 )

Copyright 2005 GARM Technologies (http://www.garmtech.lv)
Concept and code by Max Korzhanov ([email protected])

Tested on:
  • Virtuozzo VPS, Fedora Core 1, Plesk 7.5.2
  • Virtuozzo VPS, Fedora Core 2, Plesk 7.5.2
Should be okay on RedHat, Fedora Core and CentOS systems and Plesk 7.x.
I would appreciate for your comments about running on other systems and Plesk versions.

Web/HTTP installation
Download TRACKPATCH.sh file from http://www.garmtech.lv/web/TRACEPATCH.sh to your local hard drive.
Login intro Plesk as administrator (admin).
Choose Modules management menu.
Click on Add Module button.
Using "Browse..." button choose downloaded TRACKPATCH.sh file.
Press "OK".
Server is patched!

Terminal/SSH installation
Login intro your Plesk server as root.
Code: 
 # wget http://www.garmtech.lv/web/TRACEPATCH.sh
 # chmod +x TRACEPATCH.sh
 # ./TRACEPATCH.sh
Press Enter.
Server is patched!

Uninstall (Only in Terminal/SSH)
Login intro your Plesk server as root.
Code: 
 # wget http://www.garmtech.lv/web/TRACEPATCH.sh
 # chmod +x TRACEPATCH.sh
 # ./TRACEPATCH.sh -d
Press Enter.
Server is clean from patch as a baby's bottom!

P.S. As I said before: I would appreciate for any your comments.
 
You must log in or register to reply here.

Similar threads

S
Apache does not apply .htaccess directives for certain files after migration through Plesk Migrator
Replies
2
Views
3K
NewGate
N
Lenny
Resolved Seeking Assistance with API Communication Issues via SSL on Plesk
Replies
4
Views
3K
Lenny
Lenny
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
7
Views
6K
grizlyadams
G
duy13
[AntiDDoS] for Plesk Panel with vDDoS Proxy Protection
Replies
0
Views
4K
duy13
duy13
jhernanper
Issue Unable to install SuiteCRM: Symfony Runtime Exception. Tried everything - desperate
Replies
1
Views
5K
Maarten
M
Back
Top