CVE-2005-1682
Solstice Internet Mail Server POP3 2.0 - Unauthenticated Email Disclosure via MimeMessage Constructor
Title source: llmDescription
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
References (2)
Core 2
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/0574
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111653029605189&w=2
Scores
EPSS
0.0069
EPSS Percentile
48.4%
Details
CWE
CWE-20
Status
published
Products (1)
solstice/solstice_internet_mail_server
pop3_2.0
Published
May 20, 2005
Tracked Since
Feb 18, 2026