CVE-2005-1754

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache_tomcat:apache_tomcat:5.0.16:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.3:*:*:*:*:*:*:*
cpe:2.3:a:sun:javamail:1.3.2:*:*:*:*:*:*:*

History

07 Nov 2023, 01:57

Type Values Removed Values Added
Summary ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products." JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

Information

Published : 2005-12-31 05:00

Updated : 2024-08-07 22:15


NVD link : CVE-2005-1754

Mitre link : CVE-2005-1754

CVE.ORG link : CVE-2005-1754


JSON object : View

Products Affected

apache_tomcat

  • apache_tomcat

sun

  • javamail
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor