Vulnerability Details CVE-2010-0464
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v2 Score 5.0
References
- http://trac.roundcube.net/ticket/1486449
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:048
- https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
- http://trac.roundcube.net/ticket/1486449
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:048
- https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
Products affected by CVE-2010-0464
-
cpe:2.3:a:roundcube:webmail:-
-
cpe:2.3:a:roundcube:webmail:0.1
-
cpe:2.3:a:roundcube:webmail:0.1.1
-
cpe:2.3:a:roundcube:webmail:0.2
-
cpe:2.3:a:roundcube:webmail:0.2.1
-
cpe:2.3:a:roundcube:webmail:0.2.2
-
cpe:2.3:a:roundcube:webmail:0.3
-
cpe:2.3:a:roundcube:webmail:0.3.1