Strix
26.1K

CVE-2010-0463

UnknownEPSS 1.94%

Last modified

CVE-2010-0463 is a vulnerability of currently unknown severity. Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.. EPSS estimates a 1.94% chance of exploitation in the next 30 days.

Description

Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Metrics

EPSS Probability
1.94%

77.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
HordeImp<= 4.3.6
HordeImp2.0
HordeImp2.2
HordeImp2.2.1
HordeImp2.2.2
HordeImp2.2.3
HordeImp2.2.4
HordeImp2.2.5
HordeImp2.2.6
HordeImp2.2.7
HordeImp2.2.8
HordeImp2.3
HordeImp3.0
HordeImp3.1
HordeImp3.1.2
HordeImp3.2
HordeImp3.2.1
HordeImp3.2.2
HordeImp3.2.3
HordeImp3.2.4
HordeImp3.2.5
HordeImp3.2.6
HordeImp3.2.7
HordeImp4.0
HordeImp4.0.1
HordeImp4.0.2
HordeImp4.0.3
HordeImp4.0.4
HordeImp4.1.3
HordeImp4.1.5
HordeImp4.1.6
HordeImp4.2
HordeImp4.2.1
HordeImp4.2.2
HordeImp4.3
HordeImp4.3.1
HordeImp4.3.2
HordeImp4.3.3
HordeImp4.3.4
HordeImp4.3.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-0463?
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
How severe is CVE-2010-0463?
Severity scoring for CVE-2010-0463 is pending analysis. The EPSS model estimates a 1.94% probability of exploitation in the next 30 days.
How do I fix CVE-2010-0463?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0463?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST