Path Disclosure Vulnerability in SurgeMail and WebMail by NetWin
CVE-2004-2547

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail; Webmail
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2547?

The identified path disclosure vulnerability in NetWin's SurgeMail and WebMail allows remote attackers to exploit specific HTTP requests. By accessing URIs such as '/' or '/scripts/' or by attempting to retrieve non-existent files, attackers can trigger error messages that inadvertently reveal sensitive file system paths. This exposure can further aid malicious users in crafting targeted attacks against the affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/16319

vdb-entryx_refsource_XF

http://www.osvdb.org/6745

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/10483

vdb-entryx_refsource_BID

EPSS Score

15% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Nov 21, 2005
Vulnerability published
Dec 31, 2004

Netwin

What is CVE-2004-2547?

References

EPSS Score

Timeline