CVE-2005-1105

JavaMail 1.3.2 - Directory Traversal and Arbitrary File Write via Content-Disposition Filename


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1105. PoCs published by Rafael San Miguel Carrasco.

AI-analyzed exploit summary: The provided text describes a directory traversal vulnerability in Sun JavaMail 1.3.2, where improper validation of filenames in email attachments allows traversal. The example shows a malicious 'Content-Disposition' header that could exploit this flaw.

Description

Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Rafael San Miguel Carrasco · text · remote · multiple
https://www.exploit-db.com/exploits/25395

Classification
Writeup 80%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Sun JavaMail 1.3.2
No auth needed
Prerequisites: Victim must process a maliciously crafted email attachment
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111335615600839&w=2

Scores

EPSS 0.0583
EPSS Percentile 92.2%

Details

Status published
Products (1)
sun/javamail 1.3.2
Published May 02, 2005
Tracked Since Feb 18, 2026