Patch the Remote Vulnerability in Plesk (Windows)

Learn how to patch the vulnerability on a Windows server running Plesk 10.3 or earlier that has not been patched or compromised.

Check for the Plesk remote vulnerability before proceeding. It will be necessary to replace the compromised files for the following versions of Plesk:

Plesk 8.1 for Windows
Plesk 8.2 for Windows
Plesk 8.3 for Windows
Plesk 8.4 for Windows
Plesk 8.6 for Windows
Plesk 9.0 for Windows
Plesk 9.2 for Windows
Plesk 9.3 for Windows
Plesk 9.5 for Windows
Plesk 10.0.x for Windows
Plesk 10.1 for Windows
Plesk 10.2 for Windows

All older versions must be updated to a newer version. Replace the following files (depending on your version of Plesk) with the patched versions from Parallels Plesk Versions.

%plesk_dir% is the environment variable defined in the system during the Plesk Panel installation. You will have to substitute the correct path below, based on your server:
32bit -- C:\Program Files\Parallels\Plesk\
64bit -- C:\Program Files (x86)\Parallels\Plesk\

Plesk 8.1.1
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 8.2.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 8.3.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 8.4.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 8.6.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
    %plesk_dir%\admin\plib\class.Session.php
    %plesk_dir%\admin\htdocs\help.php
Plesk 9.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 9.2.0 - 9.2.3
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 9.3.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
    %plesk_dir%\admin\plib\class.Session.php
    %plesk_dir%\admin\plib\backup\BackupCreateBackupNowForm.php
    %plesk_dir%\admin\htdocs\help.php
Plesk 9.5.1 - Plesk 9.5.5
    %plesk_dir%\admin\plib\api-rpc\Agent.php
    %plesk_dir%\admin\plib\class.Session.php
    %plesk_dir%\admin\plib\backup\BackupCreateBackupNowForm.php
    %plesk_dir%\admin\htdocs\help.php
Plesk 10.0.1
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 10.1.1
    %plesk_dir%\admin\plib\api-rpc\Agent.php
Plesk 10.2.0
    %plesk_dir%\admin\plib\api-rpc\Agent.php
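
The replacement step above as a PowerShell script, added here as an example (it is not Parallels' or 1&1's code): it maps the listed versions to their files, reports which installed files differ from the patched copies, and with -Apply backs up and replaces them, verifying each copy by SHA-256. The -PatchedRoot and -BackupDir parameters are assumptions: a folder you filled with the downloaded patched files in the same admin\... layout, and a backup folder outside the Plesk web root.

```powershell
# Added example, not vendor code. $PatchedRoot and $BackupDir are assumed folders:
# the patched files in the same relative layout (admin\...), and a backup location.
param(
    [Parameter(Mandatory=$true)][string]$PleskVersion,   # as listed above, e.g. 9.5.4
    [Parameter(Mandatory=$true)][string]$PatchedRoot,
    [string]$PleskDir  = $env:plesk_dir,
    [string]$BackupDir = (Join-Path $env:TEMP ('plesk-orig-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))),
    [switch]$Apply                                        # without it: report only
)
$agent   = 'admin\plib\api-rpc\Agent.php'
$session = 'admin\plib\class.Session.php'
$help    = 'admin\htdocs\help.php'
$backup  = 'admin\plib\backup\BackupCreateBackupNowForm.php'
# Version pattern -> files to replace, transcribed from the list on this page.
$map = @(
    @{ Match = '^(8\.1\.1|8\.2\.0|8\.3\.0|8\.4\.0|9\.0|9\.2\.[0-3])$'; Files = @($agent) },
    @{ Match = '^(10\.0\.1|10\.1\.1|10\.2\.0)$';   Files = @($agent) },
    @{ Match = '^8\.6\.0$';                         Files = @($agent, $session, $help) },
    @{ Match = '^(9\.3\.0|9\.5\.[1-5])$';           Files = @($agent, $session, $backup, $help) }
)
function Get-Sha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([BitConverter]::ToString($sha.ComputeHash($fs))) -replace '-', '' }
    finally { $fs.Close() }
}
$entry = $map | Where-Object { $PleskVersion -match $_.Match } | Select-Object -First 1
if (-not $entry) { throw "Plesk $PleskVersion is not in the file list on this page." }
if (-not $PleskDir -or -not (Test-Path $PleskDir)) { throw "Plesk directory not found: '$PleskDir'" }
foreach ($rel in $entry.Files) {
    $live = Join-Path $PleskDir $rel
    $new  = Join-Path $PatchedRoot $rel
    if (-not (Test-Path $new))  { throw "Patched file missing: $new" }
    if (-not (Test-Path $live)) { throw "Installed file missing: $live" }
    $before = Get-Sha256 $live
    $target = Get-Sha256 $new
    if ($before -eq $target) { "ALREADY PATCHED  $rel"; continue }
    if (-not $Apply)         { "NEEDS PATCH      $rel  (installed $before)"; continue }
    # Keep the original outside the web root for later comparison, then replace and re-verify.
    $dest = Join-Path $BackupDir $rel
    New-Item -ItemType Directory -Force -Path (Split-Path $dest) | Out-Null
    Copy-Item $live $dest
    Copy-Item $new $live -Force
    if ((Get-Sha256 $live) -ne $target) { throw "Verification failed after copy: $live" }
    "REPLACED         $rel  ($before -> $target)"
}
```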

Once you have cleaned your system, change all Plesk passwords. Parallels offers instructions and a script on Parallels Plesk Mass.