Lucene search

[email protected]CVE-2004-2547

HistoryNov 21, 2005 - 11:00 a.m.

CVE-2004-2547

2005-11-2111:00:00

[email protected]

web.nvd.nist.gov

netwin

surgemail

webmail

sensitive information disclosure

cve-2004-2547

nvd

http requests

security vulnerability

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.9%

JSON

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or © specify a non-existent file, which reveal the path in an error message.

Affected configurations

NVD

Node

netwinsurgemailMatch1.0c

netwinsurgemailMatch1.0d

netwinsurgemailMatch1.1a

netwinsurgemailMatch1.1b

netwinsurgemailMatch1.1c

netwinsurgemailMatch1.1d

netwinsurgemailMatch1.2a

netwinsurgemailMatch1.2b

netwinsurgemailMatch1.2c

netwinsurgemailMatch1.3a

netwinsurgemailMatch1.3a_rc1

netwinsurgemailMatch1.3b

netwinsurgemailMatch1.3c

netwinsurgemailMatch1.3d

netwinsurgemailMatch1.3e

netwinsurgemailMatch1.3f

netwinsurgemailMatch1.3g

netwinsurgemailMatch1.3h

netwinsurgemailMatch1.3i

netwinsurgemailMatch1.3j

netwinsurgemailMatch1.3k

netwinsurgemailMatch1.3l

netwinsurgemailMatch1.4a

netwinsurgemailMatch1.4b

netwinsurgemailMatch1.4c

netwinsurgemailMatch1.5a

netwinsurgemailMatch1.5b

netwinsurgemailMatch1.5c

netwinsurgemailMatch1.5d

netwinsurgemailMatch1.5d2

netwinsurgemailMatch1.5f

netwinsurgemailMatch1.6a

netwinsurgemailMatch1.6b

netwinsurgemailMatch1.6d

netwinsurgemailMatch1.6e

netwinsurgemailMatch1.6e2

netwinsurgemailMatch1.7a

netwinsurgemailMatch1.7b3

netwinsurgemailMatch1.8a

netwinsurgemailMatch1.8b3

netwinsurgemailMatch1.8d

netwinsurgemailMatch1.8e

netwinsurgemailMatch1.8g3

netwinsurgemailMatch1.9b2

netwinsurgemailMatch2.0a2

netwinwebmailMatch3.1d

CPENameOperatorVersion
netwin:surgemailnetwin surgemaileq1.0c
netwin:surgemailnetwin surgemaileq1.0d
netwin:surgemailnetwin surgemaileq1.1a
netwin:surgemailnetwin surgemaileq1.1b
netwin:surgemailnetwin surgemaileq1.1c
netwin:surgemailnetwin surgemaileq1.1d
netwin:surgemailnetwin surgemaileq1.2a
netwin:surgemailnetwin surgemaileq1.2b
netwin:surgemailnetwin surgemaileq1.2c
netwin:surgemailnetwin surgemaileq1.3a

CPE	Name	Operator	Version
netwin:surgemail	netwin surgemail	eq	1.0c
netwin:surgemail	netwin surgemail	eq	1.0d
netwin:surgemail	netwin surgemail	eq	1.1a
netwin:surgemail	netwin surgemail	eq	1.1b
netwin:surgemail	netwin surgemail	eq	1.1c
netwin:surgemail	netwin surgemail	eq	1.1d
netwin:surgemail	netwin surgemail	eq	1.2a
netwin:surgemail	netwin surgemail	eq	1.2b
netwin:surgemail	netwin surgemail	eq	1.2c
netwin:surgemail	netwin surgemail	eq	1.3a

Rows per page:

1-10 of 461

References

archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html

secunia.com/advisories/11772

www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt

www.netwinsite.com/surgemail/help/updates.htm

www.osvdb.org/6745

www.securityfocus.com/bid/10483

exchange.xforce.ibmcloud.com/vulnerabilities/16319

6.6 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.9%

JSON

Related for CVE-2004-2547

nvd2 cvelist2 cve1