CVE-2010-0463
Horde IMP < 4.3.6 - Exposure of Sensitive Information via DNS Prefetching
Title source: llmDescription
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56052
Various Sources x_refsource_misc
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
Patch x_refsource_confirm
http://bugs.horde.org/ticket/8836
Scores
EPSS
0.0194
EPSS Percentile
77.8%
Details
CWE
CWE-200
Status
published
Products (40)
horde/imp
2.0
horde/imp
2.2
horde/imp
2.2.1
horde/imp
2.2.2
horde/imp
2.2.3
horde/imp
2.2.4
horde/imp
2.2.5
horde/imp
2.2.6
horde/imp
2.2.7
horde/imp
2.2.8
... and 30 more
Published
Jan 29, 2010
Tracked Since
Feb 18, 2026