Sun JavaMail 1.3.2 MimeBodyPart.getFileName Directory Traversal Vulnerability

2005-04-12T00:00:00
ID EDB-ID:25395
Type exploitdb
Reporter Rafael San Miguel Carrasco
Modified 2005-04-12T00:00:00

Description

Sun JavaMail 1.3.2 MimeBodyPart.getFileName Directory Traversal Vulnerability. CVE-2005-1105. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/13141/info

Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet.

This issue was reported to affect JavaMail 1.3.2, however, earlier versions may also be vulnerable. 

Content-Disposition: ../../../file.ext