CVE Vulnerabilities

CVE-2004-2547

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.6 LOW
AV:N/AC:H/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

Affected Software

Name Vendor Start Version End Version
Surgemail Netwin 1.0c 1.0c
Surgemail Netwin 1.0d 1.0d
Surgemail Netwin 1.1a 1.1a
Surgemail Netwin 1.1b 1.1b
Surgemail Netwin 1.1c 1.1c
Surgemail Netwin 1.1d 1.1d
Surgemail Netwin 1.2a 1.2a
Surgemail Netwin 1.2b 1.2b
Surgemail Netwin 1.2c 1.2c
Surgemail Netwin 1.3a 1.3a
Surgemail Netwin 1.3a_rc1 1.3a_rc1
Surgemail Netwin 1.3b 1.3b
Surgemail Netwin 1.3c 1.3c
Surgemail Netwin 1.3d 1.3d
Surgemail Netwin 1.3e 1.3e
Surgemail Netwin 1.3f 1.3f
Surgemail Netwin 1.3g 1.3g
Surgemail Netwin 1.3h 1.3h
Surgemail Netwin 1.3i 1.3i
Surgemail Netwin 1.3j 1.3j
Surgemail Netwin 1.3k 1.3k
Surgemail Netwin 1.3l 1.3l
Surgemail Netwin 1.4a 1.4a
Surgemail Netwin 1.4b 1.4b
Surgemail Netwin 1.4c 1.4c
Surgemail Netwin 1.5a 1.5a
Surgemail Netwin 1.5b 1.5b
Surgemail Netwin 1.5c 1.5c
Surgemail Netwin 1.5d 1.5d
Surgemail Netwin 1.5d2 1.5d2
Surgemail Netwin 1.5f 1.5f
Surgemail Netwin 1.6a 1.6a
Surgemail Netwin 1.6b 1.6b
Surgemail Netwin 1.6d 1.6d
Surgemail Netwin 1.6e 1.6e
Surgemail Netwin 1.6e2 1.6e2
Surgemail Netwin 1.7a 1.7a
Surgemail Netwin 1.7b3 1.7b3
Surgemail Netwin 1.8a 1.8a
Surgemail Netwin 1.8b3 1.8b3
Surgemail Netwin 1.8d 1.8d
Surgemail Netwin 1.8e 1.8e
Surgemail Netwin 1.8g3 1.8g3
Surgemail Netwin 1.9b2 1.9b2
Surgemail Netwin 2.0a2 2.0a2
Webmail Netwin 3.1d 3.1d

References