CVE-2004-2547
First published: Fri Dec 31 2004(Updated: )
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetWin SurgeMail | =1.3d | |
| NetWin SurgeMail | =1.1a | |
| NetWin SurgeMail | =1.8e | |
| NetWin SurgeMail | =1.6e2 | |
| NetWin SurgeMail | =1.3i | |
| NetWin SurgeMail | =1.3c | |
| NetWin SurgeMail | =1.3b | |
| NetWin SurgeMail | =1.1d | |
| NetWin SurgeMail | =1.3l | |
| NetWin SurgeMail | =1.7b3 | |
| NetWin SurgeMail | =1.5f | |
| NetWin SurgeMail | =1.6e | |
| NetWin SurgeMail | =1.6d | |
| NetWin SurgeMail | =1.4c | |
| NetWin SurgeMail | =1.3k | |
| NetWin SurgeMail | =1.3a_rc1 | |
| NetWin SurgeMail | =1.5d2 | |
| NetWin SurgeMail | =1.2a | |
| NetWin SurgeMail | =1.6a | |
| NetWin Webmail | =3.1d | |
| NetWin SurgeMail | =1.5a | |
| NetWin SurgeMail | =1.3g | |
| NetWin SurgeMail | =1.5c | |
| NetWin SurgeMail | =1.0d | |
| NetWin SurgeMail | =1.3f | |
| NetWin SurgeMail | =1.3h | |
| NetWin SurgeMail | =1.1c | |
| NetWin SurgeMail | =1.2b | |
| NetWin SurgeMail | =1.5b | |
| NetWin SurgeMail | =1.4b | |
| NetWin SurgeMail | =1.1b | |
| NetWin SurgeMail | =1.0c | |
| NetWin SurgeMail | =1.8d | |
| NetWin SurgeMail | =1.8b3 | |
| NetWin SurgeMail | =1.7a | |
| NetWin SurgeMail | =1.3a | |
| NetWin SurgeMail | =1.4a | |
| NetWin SurgeMail | =1.8g3 | |
| NetWin SurgeMail | =1.8a | |
| NetWin SurgeMail | =2.0a2 | |
| NetWin SurgeMail | =1.3j | |
| NetWin SurgeMail | =1.6b | |
| NetWin SurgeMail | =1.3e | |
| NetWin SurgeMail | =1.9b2 | |
| NetWin SurgeMail | =1.5d | |
| NetWin SurgeMail | =1.2c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
- http://www.netwinsite.com/surgemail/help/updates.htm
- http://www.securityfocus.com/bid/10483
- http://www.osvdb.org/6745
- http://secunia.com/advisories/11772
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16319
Frequently Asked Questions
What is the severity of CVE-2004-2547?
CVE-2004-2547 is classified as a medium severity vulnerability.
How does CVE-2004-2547 affect affected software versions?
CVE-2004-2547 allows attackers to obtain sensitive information from various versions of NetWin SurgeMail and WebMail.
How do I fix CVE-2004-2547?
To fix CVE-2004-2547, upgrade to NetWin SurgeMail version 2.0c or later.
What types of sensitive information can be exposed by CVE-2004-2547?
CVE-2004-2547 can expose directory paths in error messages.
Which products are impacted by CVE-2004-2547?
CVE-2004-2547 impacts multiple versions of NetWin SurgeMail and WebMail.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/netwin
- canonical/netwin surgemail
- version/netwin surgemail/1.3d
- version/netwin surgemail/1.1a
- version/netwin surgemail/1.8e
- version/netwin surgemail/1.6e2
- version/netwin surgemail/1.3i
- version/netwin surgemail/1.3c
- version/netwin surgemail/1.3b
- version/netwin surgemail/1.1d
- version/netwin surgemail/1.3l
- version/netwin surgemail/1.7b3
- version/netwin surgemail/1.5f
- version/netwin surgemail/1.6e
- version/netwin surgemail/1.6d
- version/netwin surgemail/1.4c
- version/netwin surgemail/1.3k
- version/netwin surgemail/1.3a_rc1
- version/netwin surgemail/1.5d2
- version/netwin surgemail/1.2a
- version/netwin surgemail/1.6a
- canonical/netwin webmail
- version/netwin webmail/3.1d
- version/netwin surgemail/1.5a
- version/netwin surgemail/1.3g
- version/netwin surgemail/1.5c
- version/netwin surgemail/1.0d
- version/netwin surgemail/1.3f
- version/netwin surgemail/1.3h
- version/netwin surgemail/1.1c
- version/netwin surgemail/1.2b
- version/netwin surgemail/1.5b
- version/netwin surgemail/1.4b
- version/netwin surgemail/1.1b
- version/netwin surgemail/1.0c
- version/netwin surgemail/1.8d
- version/netwin surgemail/1.8b3
- version/netwin surgemail/1.7a
- version/netwin surgemail/1.3a
- version/netwin surgemail/1.4a
- version/netwin surgemail/1.8g3
- version/netwin surgemail/1.8a
- version/netwin surgemail/2.0a2
- version/netwin surgemail/1.3j
- version/netwin surgemail/1.6b
- version/netwin surgemail/1.3e
- version/netwin surgemail/1.9b2
- version/netwin surgemail/1.5d
- version/netwin surgemail/1.2c