Lucene search

MitreCVE-2004-2547

HistoryNov 21, 2005 - 11:00 a.m.

CVE-2004-2547

2005-11-2111:00:00

mitre

web.nvd.nist.gov

netwin

surgemail

webmail

sensitive information disclosure

cve-2004-2547

nvd

http requests

security vulnerability

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or © specify a non-existent file, which reveal the path in an error message.

Affected configurations

Nvd

Node

netwinsurgemailMatch1.0c

netwinsurgemailMatch1.0d

netwinsurgemailMatch1.1a

netwinsurgemailMatch1.1b

netwinsurgemailMatch1.1c

netwinsurgemailMatch1.1d

netwinsurgemailMatch1.2a

netwinsurgemailMatch1.2b

netwinsurgemailMatch1.2c

netwinsurgemailMatch1.3a

netwinsurgemailMatch1.3a_rc1

netwinsurgemailMatch1.3b

netwinsurgemailMatch1.3c

netwinsurgemailMatch1.3d

netwinsurgemailMatch1.3e

netwinsurgemailMatch1.3f

netwinsurgemailMatch1.3g

netwinsurgemailMatch1.3h

netwinsurgemailMatch1.3i

netwinsurgemailMatch1.3j

netwinsurgemailMatch1.3k

netwinsurgemailMatch1.3l

netwinsurgemailMatch1.4a

netwinsurgemailMatch1.4b

netwinsurgemailMatch1.4c

netwinsurgemailMatch1.5a

netwinsurgemailMatch1.5b

netwinsurgemailMatch1.5c

netwinsurgemailMatch1.5d

netwinsurgemailMatch1.5d2

netwinsurgemailMatch1.5f

netwinsurgemailMatch1.6a

netwinsurgemailMatch1.6b

netwinsurgemailMatch1.6d

netwinsurgemailMatch1.6e

netwinsurgemailMatch1.6e2

netwinsurgemailMatch1.7a

netwinsurgemailMatch1.7b3

netwinsurgemailMatch1.8a

netwinsurgemailMatch1.8b3

netwinsurgemailMatch1.8d

netwinsurgemailMatch1.8e

netwinsurgemailMatch1.8g3

netwinsurgemailMatch1.9b2

netwinsurgemailMatch2.0a2

netwinwebmailMatch3.1d

VendorProductVersionCPE
netwinsurgemail1.0ccpe:2.3:a:netwin:surgemail:1.0c:*:*:*:*:*:*:*
netwinsurgemail1.0dcpe:2.3:a:netwin:surgemail:1.0d:*:*:*:*:*:*:*
netwinsurgemail1.1acpe:2.3:a:netwin:surgemail:1.1a:*:*:*:*:*:*:*
netwinsurgemail1.1bcpe:2.3:a:netwin:surgemail:1.1b:*:*:*:*:*:*:*
netwinsurgemail1.1ccpe:2.3:a:netwin:surgemail:1.1c:*:*:*:*:*:*:*
netwinsurgemail1.1dcpe:2.3:a:netwin:surgemail:1.1d:*:*:*:*:*:*:*
netwinsurgemail1.2acpe:2.3:a:netwin:surgemail:1.2a:*:*:*:*:*:*:*
netwinsurgemail1.2bcpe:2.3:a:netwin:surgemail:1.2b:*:*:*:*:*:*:*
netwinsurgemail1.2ccpe:2.3:a:netwin:surgemail:1.2c:*:*:*:*:*:*:*
netwinsurgemail1.3acpe:2.3:a:netwin:surgemail:1.3a:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netwin	surgemail	1.0c	cpe:2.3:a:netwin:surgemail:1.0c:::::::*
netwin	surgemail	1.0d	cpe:2.3:a:netwin:surgemail:1.0d:::::::*
netwin	surgemail	1.1a	cpe:2.3:a:netwin:surgemail:1.1a:::::::*
netwin	surgemail	1.1b	cpe:2.3:a:netwin:surgemail:1.1b:::::::*
netwin	surgemail	1.1c	cpe:2.3:a:netwin:surgemail:1.1c:::::::*
netwin	surgemail	1.1d	cpe:2.3:a:netwin:surgemail:1.1d:::::::*
netwin	surgemail	1.2a	cpe:2.3:a:netwin:surgemail:1.2a:::::::*
netwin	surgemail	1.2b	cpe:2.3:a:netwin:surgemail:1.2b:::::::*
netwin	surgemail	1.2c	cpe:2.3:a:netwin:surgemail:1.2c:::::::*
netwin	surgemail	1.3a	cpe:2.3:a:netwin:surgemail:1.3a:::::::*

Rows per page:

1-10 of 461

References

archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html

secunia.com/advisories/11772

www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt

www.netwinsite.com/surgemail/help/updates.htm

www.osvdb.org/6745

www.securityfocus.com/bid/10483

exchange.xforce.ibmcloud.com/vulnerabilities/16319

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

84.0%

JSON

Related for CVE-2004-2547