Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1105

4 documents4 sources
Severity
5.0MEDIUM
EPSS
7.2%
top 8.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Javamail
Timeline
PublishedMay 2
Latest updateMay 1

Description

Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsun/javamail1.3.2

🔴Vulnerability Details

2
GHSA
GHSA-8wfc-hch7-gvrx: Directory traversal vulnerability in the MimeBodyPart2022-05-01
CVEList
CVE-2005-1105: Directory traversal vulnerability in the MimeBodyPart2005-04-13

💥Exploits & PoCs

1
Exploit-DB
Sun JavaMail 1.3.2 - 'MimeBodyPart.getFileName' Directory Traversal2005-04-12
CVE-2005-1105 (MEDIUM CVSS 5) | Directory traversal vulnerability i | cvebase.io