Path Disclosure Vulnerability in SurgeMail and WebMail by NetWin
CVE-2004-2547

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgemail
Webmail
Vendor
CVE Published:
31 December 2004

What is CVE-2004-2547?

The identified path disclosure vulnerability in NetWin's SurgeMail and WebMail allows remote attackers to exploit specific HTTP requests. By accessing URIs such as '/' or '/scripts/' or by attempting to retrieve non-existent files, attackers can trigger error messages that inadvertently reveal sensitive file system paths. This exposure can further aid malicious users in crafting targeted attacks against the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
vdb-entryx_refsource_XF
http://www.osvdb.org/6745
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/10483
vdb-entryx_refsource_BID

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.