6.9 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.004 Low
EPSS
Percentile
73.9%
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
CPE | Name | Operator | Version |
---|---|---|---|
webmail | eq | 0.1 rc1 | |
webmail | eq | 0.1 20050820 | |
webmail | eq | 0.1 20051007 | |
webmail | eq | 0.1 | |
webmail | eq | 0.1 beta2 | |
webmail | eq | 0.1 beta | |
webmail | eq | 0.1 20050811 | |
webmail | eq | 0.3 rc1 | |
webmail | eq | 0.2 stable | |
webmail | eq | 0.2 alpha |