[原文]LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
602Pro LAN SUITE Web Mail Arbitrary Directory Listing
Remote / Network Access
Loss of Confidentiality
Change Default Setting
602Pro LAN SUITE Web Mail contains a flaw related to the ability to view files in a directory. The issue is triggered when a remote attacker sends an HTTP request to 'cgi-bin/', 'index.html', or 'users/'. This may allow an attacker to obtain a directory listing.