CVE-2010-0463: Sensitive Information Exposure in IMP

Severity
5.0 MEDIUM (NVD)
EPSS
0.3%
top 50.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 29
Latest update: May 2

Description

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

NVD: horde/imp 4.3.6 +39

Patches

🔴 Vulnerability Details

1
GHSA
GHSA-g9xm-ww44-j6j9: Horde IMP 4 (2022-05-02)

📋 Vendor Advisories

1
Red Hat
imp: privacy compromise via DNS prefetching in web mail (2010-01-23)

💬 Community

1
Bugzilla
CVE-2010-0463 horde / imp: privacy compromise via DNS prefetching in web mail (2010-01-29)