CVE-2010-0463

Horde IMP < 4.3.6 - Exposure of Sensitive Information via DNS Prefetching

Title source: llm
STIX 2.1

Description

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56052
Patch x_refsource_confirm
http://bugs.horde.org/ticket/8836

Scores

EPSS 0.0194
EPSS Percentile 77.8%

Details

CWE
CWE-200
Status published
Products (40)
horde/imp 2.0
horde/imp 2.2
horde/imp 2.2.1
horde/imp 2.2.2
horde/imp 2.2.3
horde/imp 2.2.4
horde/imp 2.2.5
horde/imp 2.2.6
horde/imp 2.2.7
horde/imp 2.2.8
... and 30 more
Published Jan 29, 2010
Tracked Since Feb 18, 2026