CVE-2010-0464

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
VendorProductVersion
roundcubewebmail
𝑥
≤ 0.3.1
roundcubewebmail
0.1
roundcubewebmail
0.1:20050811
roundcubewebmail
0.1:20050820
roundcubewebmail
0.1:20051007
roundcubewebmail
0.1:20051021
roundcubewebmail
0.1:alpha
roundcubewebmail
0.1:beta
roundcubewebmail
0.1:beta2
roundcubewebmail
0.1:rc1
roundcubewebmail
0.1:rc2
roundcubewebmail
0.1:stable
roundcubewebmail
0.1.1
roundcubewebmail
0.2
roundcubewebmail
0.2:alpha
roundcubewebmail
0.2:beta
roundcubewebmail
0.2:stable
roundcubewebmail
0.2.1
roundcubewebmail
0.2.2
roundcubewebmail
0.3
roundcubewebmail
0.3:beta
roundcubewebmail
0.3:rc1
roundcubewebmail
0.3:stable
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
roundcube
bullseye (security)
1.4.15+dfsg.1-1+deb11u4
fixed
bullseye
1.4.15+dfsg.1-1+deb11u4
fixed
bookworm
1.6.5+dfsg-1+deb12u4
fixed
bookworm (security)
1.6.5+dfsg-1+deb12u4
fixed
sid
1.6.9+dfsg-1
fixed
trixie
1.6.9+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
roundcube
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
dapper
dne
Common Weakness Enumeration
References
http://trac.roundcube.net/ticket/1486449
http://www.mandriva.com/security/advisories?name=MDVSA-2010:048
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
http://trac.roundcube.net/ticket/1486449
http://www.mandriva.com/security/advisories?name=MDVSA-2010:048
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail