Description
Roundcube 0.3.1 and earlier does not request that the web browser avoid DNS prefetching of domain names contained in e-mail messages, which makes it easier for remote attackers to determine the network location of the webmail user by logging DNS requests.
Remediation
References
Related Vulnerabilities
Magento Improper Authentication Vulnerability (CVE-2019-8108)
MySQL CVE-2013-1544 Vulnerability (CVE-2013-1544)
Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)
Oracle Application Server CVE-2008-1814 Vulnerability (CVE-2008-1814)
ReviveAdserver Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7371)