[SECURITY] Fedora 26 Update: apache-commons-email-1.5-1.fc26

Commons-Email aims to provide an API for sending email. It is built on top of the JavaMail API, which it aims to simplify...

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

CVE-2005-1753

CVE-2005-1753 affects JavaMail API versions 1.1.3 through 1.3, used by Apache Tomcat 5.0.16. The ReadMessage.jsp component allows remote attackers to view other users’ email attachments via direct requests to /mailboxesdir/username@domainname. Sun and Apache dispute the issue, stating published r...

CVE-2005-1754

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not...

CVE-2005-1754

CVE-2005-1754 affects JavaMail API 1.1.3–1.3 used by Apache Tomcat 5.0.16, allowing remote attackers to read arbitrary files via a full pathname in the Download parameter. Sun and Apache dispute the report, noting references to source code/files that do not exist. Public documents do not provide ...

CVE-2005-1753

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...

PT-2005-2725 · Oracle · Javamail Api

Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to view other users' e-mail attachments via a direct request to "/mailboxesdir/username@domainname". This is related to the ReadMessage.jsp file in the...

PT-2005-2726 · Oracle +1 · Javamail Api +1

Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun...

CVE-2005-1682

JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE...

CVE-2005-1682

The CVE describes a vulnerability in JavaMail API used by Solstice Internet Mail Server POP3 2.0, where the MimeMessage constructor in javax.mail.internet.InternetHeaders does not properly validate the message number, enabling remote authenticated users to read other users’ e‑mail by altering the...

Javamail Multiple Information Disclosure Vulnerabilities

Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...

CVE-2005-1682

JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE...

JavaMail Information Disclosure (msgno)

"The JavaMail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. The JavaMail API is implemented as a Java platform optional package and is also available as part of the Java 2 platform, Enterprise Edition. JavaMail provides a common,...