Vulnerabilities > CVE-2004-2547 - Input Validation vulnerability in Netwin Surgemail and Webmail
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Vulnerable Configurations
Exploit-Db
| description | NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Error Message Path Disclosure. CVE-2004-2547. Webapps exploit for php platform |
| id | EDB-ID:24176 |
| last seen | 2016-02-02 |
| modified | 2004-06-07 |
| published | 2004-06-07 |
| reporter | Donnie Werner |
| source | https://www.exploit-db.com/download/24176/ |
| title | NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Error Message Path Disclosure |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
- http://secunia.com/advisories/11772
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
- http://www.netwinsite.com/surgemail/help/updates.htm
- http://www.osvdb.org/6745
- http://www.securityfocus.com/bid/10483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16319