Sun JavaMail 1.3.2 - 'MimeBodyPart.getFileName' Directory Traversal
| EKU-ID: 30744 | CVE: CVE-2005-1105;OSVDB-15644 | OSVDB-ID: |
| Author: Rafael San Miguel Carrasco | Published: 2005-04-12 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 30744 | CVE: CVE-2005-1105;OSVDB-15644 | OSVDB-ID: |
| Author: Rafael San Miguel Carrasco | Published: 2005-04-12 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/13141/info Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet. This issue was reported to affect JavaMail 1.3.2, however, earlier versions may also be vulnerable. Content-Disposition: ../../../file.ext