CVE

Id
37101  
CVE No.
CVE-2008-6984  
Status
Candidate  
Description
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.  
Phase
Assigned (20090817)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
403174 37101 CVE-2008-6984 BUGTRAQ:20080831 Plesk 8.6.0 authentication flaw allows to gain virtual user priviledges  View
403175 37101 CVE-2008-6984 URL:http://www.securityfocus.com/archive/1/495881  View
403176 37101 CVE-2008-6984 BID:30956  View
403177 37101 CVE-2008-6984 URL:http://www.securityfocus.com/bid/30956  View
403178 37101 CVE-2008-6984 OSVDB:51652  View
403179 37101 CVE-2008-6984 URL:http://www.osvdb.org/51652  View
403180 37101 CVE-2008-6984 SECTRACK:1020801  View
403181 37101 CVE-2008-6984 URL:http://www.securitytracker.com/id?1020801  View
403182 37101 CVE-2008-6984 XF:plesk-shortnames-security-bypass(44856)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42072 JVNDB-2009-003079 Ezphotogallery におけるクロスサイトスクリプティングの脆弱性 Easy Photo Gallery には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2008-6988 37101 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003079.html  View