CVE-2004-2547

Name of the Vulnerable Software and Affected Versions SurgeMail versions prior to 2.0c WebMail (affected versions not specified)

Description The issue allows remote attackers to obtain sensitive information via HTTP requests. This can be achieved by specifying certain URIs, such as the / URI or the /scripts/ URI, or by requesting a non-existent file, which reveals the path in an error message.

Recommendations For SurgeMail versions prior to 2.0c, update to version 2.0c or later. For WebMail, at the moment, there is no information about a newer version that contains a fix for this vulnerability.