CVE-2008-6984
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
19/08/2009
Last modified:
09/04/2025
Description
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:parallels:plesk:8.6.0:-:linux\/unix:*:*:*:*:* | ||
| cpe:2.3:a:parallels:plesk:8.6.0:-:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.osvdb.org/51652
- http://www.securityfocus.com/archive/1/495881
- http://www.securityfocus.com/bid/30956
- http://www.securitytracker.com/id?1020801=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44856
- http://www.osvdb.org/51652
- http://www.securityfocus.com/archive/1/495881
- http://www.securityfocus.com/bid/30956
- http://www.securitytracker.com/id?1020801=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44856