Description
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ricky Latt · text · webapps · java
https://www.exploit-db.com/exploits/25702
References (3)
Core References
Mailing List (mailing-list, x_refsource_bugtraq): http://marc.info/?l=bugtraq&m=111697083812367&w=2
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/13753
Various Sources (x_refsource_misc): http://tomcat.apache.org/security-5.html
Scores
EPSS: 0.0885
EPSS Percentile: 92.6%
Details
CWE: CWE-200
Status: published
Products (5)
apache_tomcat/apache_tomcat 5.0.16
sun/javamail 1.1.3
sun/javamail 1.2
sun/javamail 1.3
sun/javamail 1.3.2
Published: Dec 31, 2005
Tracked Since: Feb 18, 2026