Fedora 11 : roundcubemail-0.3.1-2.fc11 (2010-1399)

Medium Nessus Plugin ID 47254


The remote Fedora host is missing a security update.


Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0464 to the following vulnerability: Name: CVE-2010-0464 URL:
http://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2010-0464 Assigned:
20100129 Reference: MISC:
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_W ebmail Reference: CONFIRM: http://trac.roundcube.net/ticket/1486449 Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected roundcubemail package.

See Also






Plugin Details

Severity: Medium

ID: 47254

File Name: fedora_2010-1399.nasl

Version: $Revision: 1.9 $

Type: local

Agent: unix

Published: 2010/07/01

Modified: 2015/10/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:roundcubemail, cpe:/o:fedoraproject:fedora:11

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2010/02/02

Reference Information

CVE: CVE-2010-0464

FEDORA: 2010-1399

CWE: 200