CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sun:javamail:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.3:*:*:*:*:*:*:*

History

07 Nov 2023, 01:57

Type Values Removed Values Added
Summary ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products." ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

Information

Published : 2005-12-31 05:00

Updated : 2024-08-07 22:15


NVD link : CVE-2005-1753

Mitre link : CVE-2005-1753

CVE.ORG link : CVE-2005-1753


JSON object : View

Products Affected

sun

  • javamail
CWE
CWE-264

Permissions, Privileges, and Access Controls