Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2005-1753
Deferred
More InfoOfficial Page
Source-cve@mitre.org
View Known Exploited Vulnerability (KEV) details
Published At-31 Dec, 2005 | 05:00
Updated At-03 Apr, 2025 | 01:03

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Sun Microsystems (Oracle Corporation)
sun
>>javamail>>1.1.3
cpe:2.3:a:sun:javamail:1.1.3:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>javamail>>1.2
cpe:2.3:a:sun:javamail:1.2:*:*:*:*:*:*:*
Sun Microsystems (Oracle Corporation)
sun
>>javamail>>1.3
cpe:2.3:a:sun:javamail:1.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2006-08-30T00:00:00

We do not believe this is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method to retrieve mail. In this example, the author retreives the message directly from the mail directory on the filesystem. Even if the user insists on using this incorrect way of accessing mail, then the permissions set by the dovecot and tomcat packages are enough to protect against direct access to most of the files listed in the bug report.

References
HyperlinkSourceResource
http://marc.info/?l=bugtraq&m=111697083812367&w=2cve@mitre.org
N/A
http://tomcat.apache.org/security-5.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=111697083812367&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://tomcat.apache.org/security-5.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://marc.info/?l=bugtraq&m=111697083812367&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-5.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=111697083812367&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-5.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found