Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2547

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-2547
Last Modified 05 Sep 2008 04:44:26
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-2547

Summary

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

Vulnerable Systems

Application

  • Netwin Surgemail 1.0c

  • Netwin Surgemail 1.0d

  • Netwin Surgemail 1.1a

  • Netwin Surgemail 1.1b

  • Netwin Surgemail 1.1c

  • Netwin Surgemail 1.1d

  • Netwin Surgemail 1.2a

  • Netwin Surgemail 1.2b

  • Netwin Surgemail 1.2c

  • Netwin Surgemail 1.3a

  • Netwin Surgemail 1.3a Rc1

  • Netwin Surgemail 1.3b

  • Netwin Surgemail 1.3c

  • Netwin Surgemail 1.3d

  • Netwin Surgemail 1.3e

  • Netwin Surgemail 1.3f

  • Netwin Surgemail 1.3g

  • Netwin Surgemail 1.3h

  • Netwin Surgemail 1.3i

  • Netwin Surgemail 1.3j

  • Netwin Surgemail 1.3k

  • Netwin Surgemail 1.3l

  • Netwin Surgemail 1.4a

  • Netwin Surgemail 1.4b

  • Netwin Surgemail 1.4c

  • Netwin Surgemail 1.5a

  • Netwin Surgemail 1.5b

  • Netwin Surgemail 1.5c

  • Netwin Surgemail 1.5d

  • Netwin Surgemail 1.5d2

  • Netwin Surgemail 1.5f

  • Netwin Surgemail 1.6a

  • Netwin Surgemail 1.6b

  • Netwin Surgemail 1.6d

  • Netwin Surgemail 1.6e

  • Netwin Surgemail 1.6e2

  • Netwin Surgemail 1.7a

  • Netwin Surgemail 1.7b3

  • Netwin Surgemail 1.8a

  • Netwin Surgemail 1.8b3

  • Netwin Surgemail 1.8d

  • Netwin Surgemail 1.8e

  • Netwin Surgemail 1.8g3

  • Netwin Surgemail 1.9b2

  • Netwin Surgemail 2.0a2

  • Netwin Webmail 3.1d


References

XF - surgemail-invalid-path-disclosure(16319)

BID - 10483

OSVDB - 6745

CONFIRM - http://www.netwinsite.com/surgemail/help/updates.htm

MISC - http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt

SECUNIA - 11772

FULLDISC - 20040603 Surgemail - Multiple Vulnerabilities


Last Updated: 27 May 2016 10:39:31