Information disclosure in Horde Imp

CVE-2010-0463

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by loggi…

Vulnerability class: Information Disclosure

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

Affected products

Horde Imp — versions 4.0.2, 3.1.2, 3.2.7
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Patch)
horde-dns-info-disclosure(56052) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)