Vulnerability CVE-2010-0464 - CERT Civis.Net

Vulnerability Name:

CVE-2010-0464 (CCN-56051)

Assigned:

2010-01-23

Published:

2010-01-23

Updated:

2015-08-24

Summary:

Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2010-0464

Source: CCN
Type: RoundCube Web site
The RoundCube Webmail Project

Source: CCN
Type: RoundCube Webmail Web site
RoundCube should ask browsers to disable DNS prefetching to protect user privacy

Source: CONFIRM
Type: Patch
http://trac.roundcube.net/ticket/1486449

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:048

Source: CCN
Type: OSVDB ID: 62104
Roundcube E-mail Message DNS Prefetching Weakness

Source: CCN
Type: BID-38046
Multiple Vendors Email Clients DNS prefetching Domain Name Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
roundcube-dns-info-disclosure(56051)

Source: MISC
Type: UNKNOWN
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Vulnerable Configuration:

Configuration 1:

cpe:/a:roundcube:webmail:0.1:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:20050811:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:20050820:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:20051007:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:20051021:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:alpha:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:beta2:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:rc1:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:rc2:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1:stable:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.1.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:alpha:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2:stable:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2.1:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.2.2:*:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:-:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:beta:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:rc1:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:0.3:stable:*:*:*:*:*:*

OR cpe:/a:roundcube:webmail:*:*:*:*:*:*:*:* (Version <= 0.3.1)

Configuration CCN 1:

cpe:/a:roundcube:roundcube_webmail:0.3.1:*:*:*:*:*:*:*

Denotes that component is vulnerable