2.6 CVE-2004-2547

Exploit Patch

NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
https://nvd.nist.gov/vuln/detail/CVE-2004-2547

References

BID Patch Exploit

10483 Exploit Patch

CONFIRM Patch

http://www.netwinsite.com/surgemail/help/updates.htm Patch

FULLDISC Patch Exploit

20040603 Surgemail - Multiple Vulnerabilities Exploit Patch

MISC Patch Exploit

http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt Exploit Patch

OSVDB Patch Exploit

6745 Exploit Patch

SECUNIA Patch

11772 Patch Vendor Advisory

XF

surgemail-invalid-path-disclosure(16319)

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:netwin:surgemail:1.0c:::::::*
cpe:2.3:a:netwin:surgemail:1.0d:::::::*
cpe:2.3:a:netwin:surgemail:1.1a:::::::*
cpe:2.3:a:netwin:surgemail:1.1b:::::::*
cpe:2.3:a:netwin:surgemail:1.1c:::::::*
cpe:2.3:a:netwin:surgemail:1.1d:::::::*
cpe:2.3:a:netwin:surgemail:1.2a:::::::*
cpe:2.3:a:netwin:surgemail:1.2b:::::::*
cpe:2.3:a:netwin:surgemail:1.2c:::::::*
cpe:2.3:a:netwin:surgemail:1.3a:::::::*
cpe:2.3:a:netwin:surgemail:1.3a_rc1:::::::*
cpe:2.3:a:netwin:surgemail:1.3b:::::::*
cpe:2.3:a:netwin:surgemail:1.3c:::::::*
cpe:2.3:a:netwin:surgemail:1.3d:::::::*
cpe:2.3:a:netwin:surgemail:1.3e:::::::*
cpe:2.3:a:netwin:surgemail:1.3f:::::::*
cpe:2.3:a:netwin:surgemail:1.3g:::::::*
cpe:2.3:a:netwin:surgemail:1.3h:::::::*
cpe:2.3:a:netwin:surgemail:1.3i:::::::*
cpe:2.3:a:netwin:surgemail:1.3j:::::::*
cpe:2.3:a:netwin:surgemail:1.3k:::::::*
cpe:2.3:a:netwin:surgemail:1.3l:::::::*
cpe:2.3:a:netwin:surgemail:1.4a:::::::*
cpe:2.3:a:netwin:surgemail:1.4b:::::::*
cpe:2.3:a:netwin:surgemail:1.4c:::::::*
cpe:2.3:a:netwin:surgemail:1.5a:::::::*
cpe:2.3:a:netwin:surgemail:1.5b:::::::*
cpe:2.3:a:netwin:surgemail:1.5c:::::::*
cpe:2.3:a:netwin:surgemail:1.5d:::::::*
cpe:2.3:a:netwin:surgemail:1.5d2:::::::*
cpe:2.3:a:netwin:surgemail:1.5f:::::::*
cpe:2.3:a:netwin:surgemail:1.6a:::::::*
cpe:2.3:a:netwin:surgemail:1.6b:::::::*
cpe:2.3:a:netwin:surgemail:1.6d:::::::*
cpe:2.3:a:netwin:surgemail:1.6e:::::::*
cpe:2.3:a:netwin:surgemail:1.6e2:::::::*
cpe:2.3:a:netwin:surgemail:1.7a:::::::*
cpe:2.3:a:netwin:surgemail:1.7b3:::::::*
cpe:2.3:a:netwin:surgemail:1.8a:::::::*
cpe:2.3:a:netwin:surgemail:1.8b3:::::::*
cpe:2.3:a:netwin:surgemail:1.8d:::::::*
cpe:2.3:a:netwin:surgemail:1.8e:::::::*
cpe:2.3:a:netwin:surgemail:1.8g3:::::::*
cpe:2.3:a:netwin:surgemail:1.9b2:::::::*
cpe:2.3:a:netwin:surgemail:2.0a2:::::::*
cpe:2.3:a:netwin:webmail:3.1d:::::::*

Patch

Url
10483
http://www.netwinsite.com/surgemail/help/updates.htm
20040603 Surgemail - Multiple Vulnerabilities
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
6745
11772

Exploits

Exploit-db.com

id	description	date
24176	NetWin Surgemail 1.8/1.9/2.0 / WebMail 3.1 - Error Message Full Path Disclosure	2004-06-07 00:00:00

Other (github, ...)

Url
10483
20040603 Surgemail - Multiple Vulnerabilities
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
6745

CAPEC

id	description	severity
No entry

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution

cpe	start	end
Configuration 1
cpe:2.3:a:netwin:surgemail:1.0c:::::::*
cpe:2.3:a:netwin:surgemail:1.0d:::::::*
cpe:2.3:a:netwin:surgemail:1.1a:::::::*
cpe:2.3:a:netwin:surgemail:1.1b:::::::*
cpe:2.3:a:netwin:surgemail:1.1c:::::::*
cpe:2.3:a:netwin:surgemail:1.1d:::::::*
cpe:2.3:a:netwin:surgemail:1.2a:::::::*
cpe:2.3:a:netwin:surgemail:1.2b:::::::*
cpe:2.3:a:netwin:surgemail:1.2c:::::::*
cpe:2.3:a:netwin:surgemail:1.3a:::::::*
cpe:2.3:a:netwin:surgemail:1.3a_rc1:::::::*
cpe:2.3:a:netwin:surgemail:1.3b:::::::*
cpe:2.3:a:netwin:surgemail:1.3c:::::::*
cpe:2.3:a:netwin:surgemail:1.3d:::::::*
cpe:2.3:a:netwin:surgemail:1.3e:::::::*
cpe:2.3:a:netwin:surgemail:1.3f:::::::*
cpe:2.3:a:netwin:surgemail:1.3g:::::::*
cpe:2.3:a:netwin:surgemail:1.3h:::::::*
cpe:2.3:a:netwin:surgemail:1.3i:::::::*
cpe:2.3:a:netwin:surgemail:1.3j:::::::*
cpe:2.3:a:netwin:surgemail:1.3k:::::::*
cpe:2.3:a:netwin:surgemail:1.3l:::::::*
cpe:2.3:a:netwin:surgemail:1.4a:::::::*
cpe:2.3:a:netwin:surgemail:1.4b:::::::*
cpe:2.3:a:netwin:surgemail:1.4c:::::::*
cpe:2.3:a:netwin:surgemail:1.5a:::::::*
cpe:2.3:a:netwin:surgemail:1.5b:::::::*
cpe:2.3:a:netwin:surgemail:1.5c:::::::*
cpe:2.3:a:netwin:surgemail:1.5d:::::::*
cpe:2.3:a:netwin:surgemail:1.5d2:::::::*
cpe:2.3:a:netwin:surgemail:1.5f:::::::*
cpe:2.3:a:netwin:surgemail:1.6a:::::::*
cpe:2.3:a:netwin:surgemail:1.6b:::::::*
cpe:2.3:a:netwin:surgemail:1.6d:::::::*
cpe:2.3:a:netwin:surgemail:1.6e:::::::*
cpe:2.3:a:netwin:surgemail:1.6e2:::::::*
cpe:2.3:a:netwin:surgemail:1.7a:::::::*
cpe:2.3:a:netwin:surgemail:1.7b3:::::::*
cpe:2.3:a:netwin:surgemail:1.8a:::::::*
cpe:2.3:a:netwin:surgemail:1.8b3:::::::*
cpe:2.3:a:netwin:surgemail:1.8d:::::::*
cpe:2.3:a:netwin:surgemail:1.8e:::::::*
cpe:2.3:a:netwin:surgemail:1.8g3:::::::*
cpe:2.3:a:netwin:surgemail:1.9b2:::::::*
cpe:2.3:a:netwin:surgemail:2.0a2:::::::*
cpe:2.3:a:netwin:webmail:3.1d:::::::*