CVE-2005-1753

CWE-2644 documents4 sources
Severity
5.0MEDIUM
EPSS
0.9%
top 24.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SUN Javamail
Timeline
PublishedDec 31
Latest updateMay 1

Description

ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDsun/javamail1.1.3, 1.2, 1.3+2

🔴Vulnerability Details

2
GHSA
GHSA-g53q-h9jm-jgf9: ** DISPUTED ** ReadMessage2022-05-01
CVEList
CVE-2005-1753: ReadMessage2006-05-21

📋Vendor Advisories

1
Red Hat
CVE-2005-1753: ReadMessage
CVE-2005-1753 (MEDIUM CVSS 5) | ReadMessage.jsp in JavaMail API 1.1 | cvebase.io