Lucene search
HistoryJan 29, 2010 - 6:30 p.m.
CVE-2010-0464
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
74.5%
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Affected configurations
Node
roundcubewebmailRange≤0.3.1
ORroundcubewebmailMatch0.1
ORroundcubewebmailMatch0.120050811
ORroundcubewebmailMatch0.120050820
ORroundcubewebmailMatch0.120051007
ORroundcubewebmailMatch0.120051021
ORroundcubewebmailMatch0.1alpha
ORroundcubewebmailMatch0.1beta
ORroundcubewebmailMatch0.1beta2
ORroundcubewebmailMatch0.1rc1
ORroundcubewebmailMatch0.1rc2
ORroundcubewebmailMatch0.1stable
ORroundcubewebmailMatch0.1.1
ORroundcubewebmailMatch0.2
ORroundcubewebmailMatch0.2alpha
ORroundcubewebmailMatch0.2beta
ORroundcubewebmailMatch0.2stable
ORroundcubewebmailMatch0.2.1
ORroundcubewebmailMatch0.2.2
ORroundcubewebmailMatch0.3
ORroundcubewebmailMatch0.3beta
ORroundcubewebmailMatch0.3rc1
ORroundcubewebmailMatch0.3stable
| Vendor | Product | Version | CPE |
|---|---|---|---|
| roundcube | webmail | * | cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:*:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:20050811:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:20050820:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:20051007:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:20051021:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:alpha:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:beta2:*:*:*:*:*:* |
| roundcube | webmail | 0.1 | cpe:2.3:a:roundcube:webmail:0.1:rc1:*:*:*:*:*:* |
Related
debian
debian
[Backports-security-announce] Security Update for roundcube
2010-02-17 14:48:07
[Backports-security-announce] Security Update for roundcube
2010-02-17 14:48:23
[Backports-security-announce] Security Update for roundcube
2010-02-17 14:48:07
openvas
openvas
Mandriva Update for roundcubemail MDVSA-2010:048 (roundcubemail)
2010-03-02 00:00:00
Mandriva Update for roundcubemail MDVSA-2010:048 (roundcubemail)
2010-03-02 00:00:00
Fedora Update for roundcubemail FEDORA-2010-1399
2010-03-02 00:00:00
debiancve
debiancve
CVE-2010-0464
2010-01-29 18:30:01
fedora
fedora
[SECURITY] Fedora 12 Update: roundcubemail-0.3.1-2.fc12
2010-02-02 20:41:40
[SECURITY] Fedora 11 Update: roundcubemail-0.3.1-2.fc11
2010-02-02 20:42:57
cvelist
cvelist
CVE-2010-0464
2010-01-29 18:00:00
nessus
nessus
Fedora 12 : roundcubemail-0.3.1-2.fc12 (2010-1385)
2010-07-01 00:00:00
Fedora 11 : roundcubemail-0.3.1-2.fc11 (2010-1399)
2010-07-01 00:00:00
securityvulns
securityvulns
[ MDVSA-2010:048 ] roundcubemail
2010-02-25 00:00:00
prion
prion
Cross site request forgery (csrf)
2010-01-29 18:30:00
ubuntucve
ubuntucve
CVE-2010-0464
2010-01-29 00:00:00
cve
cve
CVE-2010-0464
2010-01-29 18:30:01
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.4
Confidence
Low
EPSS
0.004
Percentile
74.5%
Related for NVD:CVE-2010-0464