DNS Prefetching Vulnerability in Horde IMP by Horde
CVE-2010-0463

Currently unrated

Key Information:

Vendor

Horde

Status
Vendor
CVE Published:
29 January 2010

What is CVE-2010-0463?

The vulnerability in Horde IMP allows remote attackers to expose the network locations of webmail users through DNS prefetching. Specifically, versions 4.3.6 and earlier fail to adequately instruct web browsers to prevent DNS queries for domain names contained in email messages. This oversight can lead to sensitive information being leaked, as the attackers can log DNS requests to gain insight into a user’s physical network location.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.