CVE-2004-2547
NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure
Severity Score
2.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-06-07 First Exploit
- 2004-12-31 CVE Published
- 2005-11-21 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (8)
URL | Tag | Source |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/16319 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/24176 | 2004-06-07 | |
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html | 2024-08-08 | |
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt | 2024-08-08 | |
http://www.osvdb.org/6745 | 2024-08-08 | |
http://www.securityfocus.com/bid/10483 | 2024-08-08 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/11772 | 2017-07-11 | |
http://www.netwinsite.com/surgemail/help/updates.htm | 2017-07-11 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.0c Search vendor "Netwin" for product "Surgemail" and version "1.0c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.0d Search vendor "Netwin" for product "Surgemail" and version "1.0d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.1a Search vendor "Netwin" for product "Surgemail" and version "1.1a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.1b Search vendor "Netwin" for product "Surgemail" and version "1.1b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.1c Search vendor "Netwin" for product "Surgemail" and version "1.1c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.1d Search vendor "Netwin" for product "Surgemail" and version "1.1d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.2a Search vendor "Netwin" for product "Surgemail" and version "1.2a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.2b Search vendor "Netwin" for product "Surgemail" and version "1.2b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.2c Search vendor "Netwin" for product "Surgemail" and version "1.2c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3a Search vendor "Netwin" for product "Surgemail" and version "1.3a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3a_rc1 Search vendor "Netwin" for product "Surgemail" and version "1.3a_rc1" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3b Search vendor "Netwin" for product "Surgemail" and version "1.3b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3c Search vendor "Netwin" for product "Surgemail" and version "1.3c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3d Search vendor "Netwin" for product "Surgemail" and version "1.3d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3e Search vendor "Netwin" for product "Surgemail" and version "1.3e" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3f Search vendor "Netwin" for product "Surgemail" and version "1.3f" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3g Search vendor "Netwin" for product "Surgemail" and version "1.3g" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3h Search vendor "Netwin" for product "Surgemail" and version "1.3h" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3i Search vendor "Netwin" for product "Surgemail" and version "1.3i" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3j Search vendor "Netwin" for product "Surgemail" and version "1.3j" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3k Search vendor "Netwin" for product "Surgemail" and version "1.3k" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.3l Search vendor "Netwin" for product "Surgemail" and version "1.3l" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.4a Search vendor "Netwin" for product "Surgemail" and version "1.4a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.4b Search vendor "Netwin" for product "Surgemail" and version "1.4b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.4c Search vendor "Netwin" for product "Surgemail" and version "1.4c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5a Search vendor "Netwin" for product "Surgemail" and version "1.5a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5b Search vendor "Netwin" for product "Surgemail" and version "1.5b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5c Search vendor "Netwin" for product "Surgemail" and version "1.5c" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5d Search vendor "Netwin" for product "Surgemail" and version "1.5d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5d2 Search vendor "Netwin" for product "Surgemail" and version "1.5d2" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.5f Search vendor "Netwin" for product "Surgemail" and version "1.5f" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.6a Search vendor "Netwin" for product "Surgemail" and version "1.6a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.6b Search vendor "Netwin" for product "Surgemail" and version "1.6b" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.6d Search vendor "Netwin" for product "Surgemail" and version "1.6d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.6e Search vendor "Netwin" for product "Surgemail" and version "1.6e" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.6e2 Search vendor "Netwin" for product "Surgemail" and version "1.6e2" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.7a Search vendor "Netwin" for product "Surgemail" and version "1.7a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.7b3 Search vendor "Netwin" for product "Surgemail" and version "1.7b3" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8a Search vendor "Netwin" for product "Surgemail" and version "1.8a" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8b3 Search vendor "Netwin" for product "Surgemail" and version "1.8b3" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8d Search vendor "Netwin" for product "Surgemail" and version "1.8d" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8e Search vendor "Netwin" for product "Surgemail" and version "1.8e" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8g3 Search vendor "Netwin" for product "Surgemail" and version "1.8g3" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.9b2 Search vendor "Netwin" for product "Surgemail" and version "1.9b2" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.0a2 Search vendor "Netwin" for product "Surgemail" and version "2.0a2" | - |
Affected
| ||||||
Netwin Search vendor "Netwin" | Webmail Search vendor "Netwin" for product "Webmail" | 3.1d Search vendor "Netwin" for product "Webmail" and version "3.1d" | - |
Affected
|