Comodo certificate installed for the mail server. Mail client shows certificate expired
[FIXED BUG] Unable to send email via PHP: Rejecting message: system user uid='XXXX' is not allowed to send mail
Unable to send email via Gmail: TLS Negotiation failed, the certificate doesn't match the host
Unable to receive mail on example.com
Unable to select webmail for a domain while webmail software is installed on a server: none
How to activate mail autodiscover for all existing domains on Plesk server?
[FIXED BUG] After switching from Courier IMAP to Dovecot emails are duplicated into POP3 account
[FIXED BUG] Folders with special characters are displayed incorrectly after upgrade to Obsidian 18.0.25
[FIXED BUG] Outgoing mail report in Plesk shows "Probable spam" warning when there is no spam and vice-versa
Mails sent with delay: Blocked MTA-BLOCKED {TempFailedInbound}

See more

CVE-2019-12094 and CVE-2019-12095: Horde vulnerabilities

Danil Dmitrienko

Updated April 12, 2020 13:13

Situation

Vulnerabilities CVE-2019-12094 and CVE-2019-12095 were discovered in Horde web email components.

The exploit uses combination of XSS vulnerability in "Horde Groupware Webmail Edition" and CSRF vulnerability in "Horde Trean" (Web-based bookmarks application).

Plesk does not use any of these components.

Impact

Plesk is not affected.

Call to Action

No actions are required.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request