Emails sent from a Plesk server to mail services like Gmail, Outlook or Yahoo! Mail appear in spam. How to troubleshoot?
[FIXED BUG] Outgoing mail report shows "Probable spam" warning when there is no spam and vice-versa
[FIXED BUG] Notifications from Plesk are bounced: duplicate header field "Content-Type"
Plesk Obsidian autodiscover does not work with Outlook 365
[BUG] SELinux is preventing /usr/libexec/dovecot/auth from 'write' accesses on the file passwd.db
[FIXED BUG] Mail quota warnings are not sent
[BUG] Link to http://www.openspf.org/ returned by Plesk server when SPF validation is failed does not work
[BUG] Unable to configure External SMTP Server with a non-email address login in Plesk: Unable to encode IDN email address 'jdoe'
CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities
[BUG] Connection is broken with Qmail, DNSBL over 465 TLS is used: Failed to send some messages - javax.net.ssl.SSLProtocolExpeption:SSL handshake aborted

See more

CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities

Danil Dmitrienko

Updated November 13, 2019 01:13

Situation

Vulnerabilities CVE-2019-12094 and CVE-2019-12095 were discovered in Horde web email components.

The exploit uses combination of XSS vulnerability in "Horde Groupware Webmail Edition" and CSRF vulnerability in "Horde Trean" (Web-based bookmarks application).

Plesk does not use any of these components.

Impact

Plesk is not affected.

Call to Action

No actions are required.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request