Horde IMP Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Horde IMP and is prone to Information Disclosure vulnerability

Impact

Successful exploitation allows remote attackers to determine the network location of the webmail user by logging DNS requests. Impact Level: Application.

Solution

Apply the appropriate patch from vendor. For updates refer to http://www.horde.org/ ***** NOTE: Ignore this warning, if patch is installed. *****

Insight

The flaw exists when DNS prefetching of domain names contained in links within e-mail messages.

Affected

Horde IMP version 4.3.6 and prior.

References

http://bugs.horde.org/ticket/8836
http://www.security-database.com/detail.php?alert=CVE-2010-0463
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-0463

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apple Safari Multiple Memory Corruption Vulnerabilities-02 Aug14 (Mac OS X)
Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
Adobe Reader Privelege Escalation Vulnerability - Jul07 (Mac OS X)
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Adobe Reader Information Disclosure & Code Execution Vulnerabilities (Linux)

Take action and discover your vulnerabilities