Path Disclosure Vulnerability in SurgeMail and WebMail by NetWin
CVE-2004-2547

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgemail
Webmail
Vendor
CVE Published:
31 December 2004

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸฃ EPSS 17%

What is CVE-2004-2547?

The identified path disclosure vulnerability in NetWin's SurgeMail and WebMail allows remote attackers to exploit specific HTTP requests. By accessing URIs such as '/' or '/scripts/' or by attempting to retrieve non-existent files, attackers can trigger error messages that inadvertently reveal sensitive file system paths. This exposure can further aid malicious users in crafting targeted attacks against the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
vdb-entryx_refsource_XF
http://www.osvdb.org/6745
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/10483
vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability Reserved

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

.