CVE-2010-0464: Sensitive Information Exposure in Webmail

Severity
5.0 MEDIUM (NVD)
EPSS
0.3%
top 50.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 29
Latest update: May 2

Description

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

NVD: roundcube/webmail 0.3.1 (+6)

Patches

🔴 Vulnerability Details

3
GHSA
GHSA-q33h-xmcx-jm3h: Roundcube 0 (2022-05-02)
OSV
CVE-2010-0464: Roundcube 0 (2010-01-29)
CVEList
CVE-2010-0464: Roundcube 0 (2010-01-29)

📋 Vendor Advisories

2
Red Hat
roundcubemail: privacy compromise via DNS prefetching in web mail (2010-01-23)
Debian
CVE-2010-0464: roundcube - Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS pref... (2010)

💬 Community

2
Bugzilla
Fix for CVE-2010-0464 in Roundcube 0.1.1 in EPEL5 (2012-11-14)
Bugzilla
CVE-2010-0464 roundcubemail: privacy compromise via DNS prefetching in web mail (2010-01-29)