59 matches found
Sun JavaMail 1.3 API MimeMessage Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13683/info The MimeMessage method in the Sun JavaMail API does not perform sufficient validation on message number values that are passed to the method during requests. An attacker that can successfully authenticate to an...
Sun JavaMail 1.3.2 MimeBodyPart.getFileName Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect...
JavaMail header injection
It's possible to inject a header via setSubject...
JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: none Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date:...
Oracle JavaMail SMTP Header Injection
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: JavaMail Vendor: Oracle CSNC ID: CSNC-2014-001 CVD ID: Subject: SMTP Header Injection via method setSubject Risk: Medium Effect: Remotely exploitable Author: Alexandre Herzog Date: 19.05.2014 Introduction:...
ClassCastException reported when stopping JIRA
When stopping Tomcat, which hosts only Jira, there is always such a stack trace in the Tomcat logs: code 2008-02-18 19:25:32,767: ERROR Thread-33 - org.apache.catalina.core.ContainerBase.Catalina.localhost./jira.release - ApplicationFilterConfig.doAsPrivilege java.lang.ClassCastException:...
CVE-2007-6059
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service connection pool...
Design/Logic Flaw
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service connection pool...
CVE-2007-6059
CVE-2007-6059 affects JavaMail/Javamail where processing a sequence of invalid logins using the same e-mail as username and password, with the domain portion triggering a Java UnknownHostException, can cause a denial of service via connection pool exhaustion and a SQLNestedException. SUSE/NVD/PT-...
Javamail login username and password same email problem
Javamail login username and password same email problem By Thet Aung Min Latt Yangon Myanmar 16 November 2007 1. First logon to examplemail.com http://examplemail.com/login.jsp And login with [email protected] in username and password box. User name: [email protected]...
CVE-2005-1753
CVE-2005-1753 affects JavaMail API versions 1.1.3 through 1.3, used by Apache Tomcat 5.0.16. The ReadMessage.jsp component allows remote attackers to view other users’ email attachments via direct requests to /mailboxesdir/username@domainname. Sun and Apache dispute the issue, stating published r...
CVE-2005-1753
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to sourc...
CVE-2005-1754
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not...
CVE-2005-1754
CVE-2005-1754 affects JavaMail API 1.1.3–1.3 used by Apache Tomcat 5.0.16, allowing remote attackers to read arbitrary files via a full pathname in the Download parameter. Sun and Apache dispute the report, noting references to source code/files that do not exist. Public documents do not provide ...
PT-2005-2725 · Oracle · Javamail Api
Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to view other users' e-mail attachments via a direct request to "/mailboxesdir/username@domainname". This is related to the ReadMessage.jsp file in the...
PT-2005-2726 · Oracle +1 · Javamail Api +1
Name of the Vulnerable Software and Affected Versions: JavaMail API versions 1.1.3 through 1.3 Description: The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun...