NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Surgemail | Netwin | 1.0c (including) | 1.0c (including) |
Surgemail | Netwin | 1.0d (including) | 1.0d (including) |
Surgemail | Netwin | 1.1a (including) | 1.1a (including) |
Surgemail | Netwin | 1.1b (including) | 1.1b (including) |
Surgemail | Netwin | 1.1c (including) | 1.1c (including) |
Surgemail | Netwin | 1.1d (including) | 1.1d (including) |
Surgemail | Netwin | 1.2a (including) | 1.2a (including) |
Surgemail | Netwin | 1.2b (including) | 1.2b (including) |
Surgemail | Netwin | 1.2c (including) | 1.2c (including) |
Surgemail | Netwin | 1.3a (including) | 1.3a (including) |
Surgemail | Netwin | 1.3a_rc1 (including) | 1.3a_rc1 (including) |
Surgemail | Netwin | 1.3b (including) | 1.3b (including) |
Surgemail | Netwin | 1.3c (including) | 1.3c (including) |
Surgemail | Netwin | 1.3d (including) | 1.3d (including) |
Surgemail | Netwin | 1.3e (including) | 1.3e (including) |
Surgemail | Netwin | 1.3f (including) | 1.3f (including) |
Surgemail | Netwin | 1.3g (including) | 1.3g (including) |
Surgemail | Netwin | 1.3h (including) | 1.3h (including) |
Surgemail | Netwin | 1.3i (including) | 1.3i (including) |
Surgemail | Netwin | 1.3j (including) | 1.3j (including) |
Surgemail | Netwin | 1.3k (including) | 1.3k (including) |
Surgemail | Netwin | 1.3l (including) | 1.3l (including) |
Surgemail | Netwin | 1.4a (including) | 1.4a (including) |
Surgemail | Netwin | 1.4b (including) | 1.4b (including) |
Surgemail | Netwin | 1.4c (including) | 1.4c (including) |
Surgemail | Netwin | 1.5a (including) | 1.5a (including) |
Surgemail | Netwin | 1.5b (including) | 1.5b (including) |
Surgemail | Netwin | 1.5c (including) | 1.5c (including) |
Surgemail | Netwin | 1.5d (including) | 1.5d (including) |
Surgemail | Netwin | 1.5d2 (including) | 1.5d2 (including) |
Surgemail | Netwin | 1.5f (including) | 1.5f (including) |
Surgemail | Netwin | 1.6a (including) | 1.6a (including) |
Surgemail | Netwin | 1.6b (including) | 1.6b (including) |
Surgemail | Netwin | 1.6d (including) | 1.6d (including) |
Surgemail | Netwin | 1.6e (including) | 1.6e (including) |
Surgemail | Netwin | 1.6e2 (including) | 1.6e2 (including) |
Surgemail | Netwin | 1.7a (including) | 1.7a (including) |
Surgemail | Netwin | 1.7b3 (including) | 1.7b3 (including) |
Surgemail | Netwin | 1.8a (including) | 1.8a (including) |
Surgemail | Netwin | 1.8b3 (including) | 1.8b3 (including) |
Surgemail | Netwin | 1.8d (including) | 1.8d (including) |
Surgemail | Netwin | 1.8e (including) | 1.8e (including) |
Surgemail | Netwin | 1.8g3 (including) | 1.8g3 (including) |
Surgemail | Netwin | 1.9b2 (including) | 1.9b2 (including) |
Surgemail | Netwin | 2.0a2 (including) | 2.0a2 (including) |
Webmail | Netwin | 3.1d (including) | 3.1d (including) |