An IP address of a Plesk mail server got blacklisted. How to troubleshoot?
SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db
Mail quota warnings are not sent
Link to http://www.openspf.org/ returned by Plesk server when SPF validation is failed does not work
Unable to configure External SMTP Server with a non-email address login in Plesk: Unable to encode IDN email address 'jdoe'
CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities
Plesk email account via Outlook IMAP/POP3 returns the following after syncing: Message appears to be a Unicode message and your E-mail reader did not enable Unicode support.
Connection is broken with Qmail, DNSBL over 465 TLS is used: Failed to send some messages - javax.net.ssl.SSLProtocolExpeption:SSL handshake aborted
Unable to send email using PHP mail after Plesk update: Your server might not be configured to send mail using this method
Horde Inbox does not display any email: IMAP error reported by server.

See more

CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities

Danil Dmitrienko

Updated November 13, 2019 01:13

Situation

Vulnerabilities CVE-2019-12094 and CVE-2019-12095 were discovered in Horde web email components.

The exploit uses combination of XSS vulnerability in "Horde Groupware Webmail Edition" and CSRF vulnerability in "Horde Trean" (Web-based bookmarks application).

Plesk does not use any of these components.

Impact

Plesk is not affected.

Call to Action

No actions are required.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request