Unable to send email via Gmail: TLS Negotiation failed, the certificate doesn't match the host
Unable to receive mail on example.com
Unable to select webmail for a domain while webmail software is installed on a server: none
[FIXED BUG] After switching from Courier IMAP to Dovecot emails are duplicated into POP3 account
[FIXED BUG] Folders with special characters are displayed incorrectly after upgrade to Obsidian 18.0.25
[FIXED BUG] Outgoing mail report shows "Probable spam" warning when there is no spam and vice-versa
Mails sent with delay: Blocked MTA-BLOCKED {TempFailedInbound}
Horde (webmail) refreshes the login page when entering the correct password
[FIXED BUG] Notifications from Plesk are bounced: duplicate header field "Content-Type"
[BUG] Mail autodiscover option is not visible in Mail Server Settings

See more

CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities

Danil Dmitrienko

Updated April 12, 2020 13:13

Situation

Vulnerabilities CVE-2019-12094 and CVE-2019-12095 were discovered in Horde web email components.

The exploit uses combination of XSS vulnerability in "Horde Groupware Webmail Edition" and CSRF vulnerability in "Horde Trean" (Web-based bookmarks application).

Plesk does not use any of these components.

Impact

Plesk is not affected.

Call to Action

No actions are required.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request