CVSS: 5.0EPSS: 0%CPEs: 41EXPL: 0CVE-2010-0463
https://notcve.org/view.php?id=CVE-2010-0463
Horde IMP 4.3.6 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests. Horde IMP v4.3.6 y anteriores no solicitan que el navegador web permita el "prefetching" DNS de los nombres de dominio contenidos en mensajes de correo electrónico, lo que facilita a atacantes remotos determinar la localización de red del usuario de webmail mediante peticiones de logggin DNS. • http://bugs.horde.org/ticket/8836 https://exchange.xforce.ibmcloud.com/vulnerabilities/56052 https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •