CVE-2004-2547

NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.

*Credits: N/A

CVSS Scores

NISTv2 2.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2004-06-07 First Exploit
2004-12-31 CVE Published
2005-11-21 CVE Reserved
2023-03-07 EPSS Updated
2024-08-08 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (8)

URL	Tag	Source
https://exchange.xforce.ibmcloud.com/vulnerabilities/16319	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/24176	2004-06-07
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html	2024-08-08
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt	2024-08-08
http://www.osvdb.org/6745	2024-08-08
http://www.securityfocus.com/bid/10483	2024-08-08

URL	Date	SRC
http://secunia.com/advisories/11772	2017-07-11
http://www.netwinsite.com/surgemail/help/updates.htm	2017-07-11

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.0c Search vendor "Netwin" for product "Surgemail" and version "1.0c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.0d Search vendor "Netwin" for product "Surgemail" and version "1.0d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.1a Search vendor "Netwin" for product "Surgemail" and version "1.1a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.1b Search vendor "Netwin" for product "Surgemail" and version "1.1b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.1c Search vendor "Netwin" for product "Surgemail" and version "1.1c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.1d Search vendor "Netwin" for product "Surgemail" and version "1.1d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.2a Search vendor "Netwin" for product "Surgemail" and version "1.2a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.2b Search vendor "Netwin" for product "Surgemail" and version "1.2b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.2c Search vendor "Netwin" for product "Surgemail" and version "1.2c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3a Search vendor "Netwin" for product "Surgemail" and version "1.3a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3a_rc1 Search vendor "Netwin" for product "Surgemail" and version "1.3a_rc1"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3b Search vendor "Netwin" for product "Surgemail" and version "1.3b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3c Search vendor "Netwin" for product "Surgemail" and version "1.3c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3d Search vendor "Netwin" for product "Surgemail" and version "1.3d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3e Search vendor "Netwin" for product "Surgemail" and version "1.3e"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3f Search vendor "Netwin" for product "Surgemail" and version "1.3f"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3g Search vendor "Netwin" for product "Surgemail" and version "1.3g"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3h Search vendor "Netwin" for product "Surgemail" and version "1.3h"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3i Search vendor "Netwin" for product "Surgemail" and version "1.3i"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3j Search vendor "Netwin" for product "Surgemail" and version "1.3j"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3k Search vendor "Netwin" for product "Surgemail" and version "1.3k"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.3l Search vendor "Netwin" for product "Surgemail" and version "1.3l"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.4a Search vendor "Netwin" for product "Surgemail" and version "1.4a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.4b Search vendor "Netwin" for product "Surgemail" and version "1.4b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.4c Search vendor "Netwin" for product "Surgemail" and version "1.4c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5a Search vendor "Netwin" for product "Surgemail" and version "1.5a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5b Search vendor "Netwin" for product "Surgemail" and version "1.5b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5c Search vendor "Netwin" for product "Surgemail" and version "1.5c"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5d Search vendor "Netwin" for product "Surgemail" and version "1.5d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5d2 Search vendor "Netwin" for product "Surgemail" and version "1.5d2"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.5f Search vendor "Netwin" for product "Surgemail" and version "1.5f"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.6a Search vendor "Netwin" for product "Surgemail" and version "1.6a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.6b Search vendor "Netwin" for product "Surgemail" and version "1.6b"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.6d Search vendor "Netwin" for product "Surgemail" and version "1.6d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.6e Search vendor "Netwin" for product "Surgemail" and version "1.6e"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.6e2 Search vendor "Netwin" for product "Surgemail" and version "1.6e2"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.7a Search vendor "Netwin" for product "Surgemail" and version "1.7a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.7b3 Search vendor "Netwin" for product "Surgemail" and version "1.7b3"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.8a Search vendor "Netwin" for product "Surgemail" and version "1.8a"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.8b3 Search vendor "Netwin" for product "Surgemail" and version "1.8b3"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.8d Search vendor "Netwin" for product "Surgemail" and version "1.8d"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.8e Search vendor "Netwin" for product "Surgemail" and version "1.8e"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.8g3 Search vendor "Netwin" for product "Surgemail" and version "1.8g3"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				1.9b2 Search vendor "Netwin" for product "Surgemail" and version "1.9b2"		-		Affected
Netwin Search vendor "Netwin"		Surgemail Search vendor "Netwin" for product "Surgemail"				2.0a2 Search vendor "Netwin" for product "Surgemail" and version "2.0a2"		-		Affected
Netwin Search vendor "Netwin"		Webmail Search vendor "Netwin" for product "Webmail"				3.1d Search vendor "Netwin" for product "Webmail" and version "3.1d"		-		Affected