Description
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
Product(s):
- NetWin SurgeMail 1.0c
- NetWin SurgeMail 1.0d
- NetWin SurgeMail 1.1a
- NetWin SurgeMail 1.1b
- NetWin SurgeMail 1.1c
- NetWin SurgeMail 1.1d
- NetWin SurgeMail 1.2a
- NetWin SurgeMail 1.2b
- NetWin SurgeMail 1.2c
- NetWin SurgeMail 1.3a
- NetWin SurgeMail 1.3a RC1
- NetWin SurgeMail 1.3b
- NetWin SurgeMail 1.3c
- NetWin SurgeMail 1.3d
- NetWin SurgeMail 1.3e
- NetWin SurgeMail 1.3f
- NetWin SurgeMail 1.3g
- NetWin SurgeMail 1.3h
- NetWin SurgeMail 1.3i
- NetWin SurgeMail 1.3j
- NetWin SurgeMail 1.3k
- NetWin SurgeMail 1.3l
- NetWin SurgeMail 1.4a
- NetWin SurgeMail 1.4b
- NetWin SurgeMail 1.4c
- NetWin SurgeMail 1.5a
- NetWin SurgeMail 1.5b
- NetWin SurgeMail 1.5c
- NetWin SurgeMail 1.5d2
- NetWin SurgeMail 1.5d
- NetWin SurgeMail 1.5f
- NetWin SurgeMail 1.6a
- NetWin SurgeMail 1.6b
- NetWin SurgeMail 1.6d
- NetWin SurgeMail 1.6e2
- NetWin SurgeMail 1.6e
- NetWin SurgeMail 1.7a
- NetWin SurgeMail 1.7b3
- NetWin SurgeMail 1.8a
- NetWin SurgeMail 1.8b3
- NetWin SurgeMail 1.8d
- NetWin SurgeMail 1.8e
- NetWin SurgeMail 1.8g3
- NetWin SurgeMail 1.9b2
- NetWin SurgeMail 2.0a2
- NetWin WebMail 3.1d
Questions to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2547, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2547 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.