Lucene search

[email protected]CVE-2005-1754

HistoryMay 21, 2006 - 4:00 p.m.

CVE-2005-1754

2006-05-2116:00:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2005-1754

javamail api

apache tomcat

remote file access

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

Affected configurations

NVD

Node

apache_tomcatapache_tomcatMatch5.0.16

sunjavamailMatch1.1.3

sunjavamailMatch1.2

sunjavamailMatch1.3

sunjavamailMatch1.3.2

CPENameOperatorVersion
apache_tomcat:apache_tomcatapache tomcateq5.0.16
sun:javamailsun javamaileq1.1.3
sun:javamailsun javamaileq1.2
sun:javamailsun javamaileq1.3
sun:javamailsun javamaileq1.3.2

CPE	Name	Operator	Version
apache_tomcat:apache_tomcat	apache tomcat	eq	5.0.16
sun:javamail	sun javamail	eq	1.1.3
sun:javamail	sun javamail	eq	1.2
sun:javamail	sun javamail	eq	1.3
sun:javamail	sun javamail	eq	1.3.2

References

marc.info/?l=bugtraq&m=111697083812367&w=2

tomcat.apache.org/security-5.html

www.securityfocus.com/bid/13753

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.3 High

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2005-1754

nvd1 cvelist1