Directory Traversal Vulnerability in JavaMail Product by Sun Microsystems
CVE-2005-1105

Currently unrated

Key Information:

Vendor: Oracle
Status: Javamail
Vendor: CVE Published:; 2 May 2005

What is CVE-2005-1105?

The directory traversal vulnerability in the MimeBodyPart.getFileName method of JavaMail 1.3.2 permits remote attackers to exploit the Content-Disposition header. By manipulating the filename parameter with a '..' (dot dot), hackers can gain unauthorized access to the file system, potentially leading to the writing of arbitrary files. This poses significant risks to system integrity and confidentiality.

References

http://marc.info/?l=bugtraq&m=111335615600839&w=2

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 13, 2005

Oracle

What is CVE-2005-1105?

References

Timeline