Vulnerability Description
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Horde | Imp | <= 4.3.6 |
Related Weaknesses (CWE)
References
- http://bugs.horde.org/ticket/8836Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56052
- https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
- http://bugs.horde.org/ticket/8836Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56052
- https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
FAQ
What is CVE-2010-0463?
CVE-2010-0463 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the networ...
How severe is CVE-2010-0463?
CVE-2010-0463 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0463?
Check the references section above for vendor advisories and patch information. Affected products include: Horde Imp.