Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal

2005-04-12T00:00:00
ID EXPLOITPACK:70294AD4EB516231A06782E58F99C1BE
Type exploitpack
Reporter Rafael San Miguel Carrasco
Modified 2005-04-12T00:00:00

Description

Sun JavaMail 1.3.2 - MimeBodyPart.getFileName Directory Traversal

                                        
                                            source: https://www.securityfocus.com/bid/13141/info

Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet.

This issue was reported to affect JavaMail 1.3.2, however, earlier versions may also be vulnerable. 

Content-Disposition: ../../../file.ext