5
CVSSv2

CVE-2010-0464

Published: 29/01/2010 Updated: 24/08/2015
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Roundcube 0.3.1 and previous versions does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote malicious users to determine the network location of the webmail user by logging DNS requests.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

roundcube webmail 0.1

roundcube webmail 0.2.1

roundcube webmail 0.3

roundcube webmail 0.1.1

roundcube webmail 0.2

roundcube webmail

roundcube webmail 0.2.2

Vendor Advisories

Debian Bug report logs - #569660 CVE-2010-0464: privacy compromise via DNS prefetching in web mail Package: roundcube; Maintainer for roundcube is Debian Roundcube Maintainers <pkg-roundcube-maintainers@listsaliothdebianorg>; Source for roundcube is src:roundcube (PTS, buildd, popcon) Reported by: Giuseppe Iuculano <iu ...