http://kenai.com/bugzilla/show_bug.cgi?id=4448
Summary: Directory traversal vulnerability in
MimeBodyPart.getFileName(): CVE-2005-1105
Product: javamail
Version: 1.4.5
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P4
Component: internet
AssignedTo: shannon_at_kenai.com
ReportedBy: djorm_at_kenai.com
CC: issues_at_javamail.kenai.com
This issue was originally identified on bugtraq in 2005:
http://marc.info/?l=bugtraq&m=111335615600839&w=2
The vulnerability does not appear to have ever been addressed. Looking at the
latest code in hg, I see:
mail/src/main/java/javax/mail/internet/MimeBodyPart.java
Is still missing any protection against directory traversal in getFileName().
Could this issue please be addressed in the next release? I am happy to provide
a suggested patch if that helps. Thanks!
--
Configure bugmail: http://kenai.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.