CVE-2005-1754

Apache Tomcat 5.0.16 - Unauthenticated Arbitrary File Read via JavaMail Download Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1754. PoCs published by Ricky Latt.

AI-analyzed exploit summary This is a writeup describing multiple information disclosure vulnerabilities in Sun JavaMail. It outlines how an attacker can access email attachments of other users and download arbitrary files by exploiting insufficient input sanitization.

Description

JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ricky Latt · textwebappsjava
https://www.exploit-db.com/exploits/25702

This is a writeup describing multiple information disclosure vulnerabilities in Sun JavaMail. It outlines how an attacker can access email attachments of other users and download arbitrary files by exploiting insufficient input sanitization.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sun JavaMail
No auth needed
Prerequisites: Access to the vulnerable Sun JavaMail service
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111697083812367&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13753
Various Sources x_refsource_misc
http://tomcat.apache.org/security-5.html

Scores

EPSS 0.0284
EPSS Percentile 85.0%

Details

CWE
CWE-200
Status published
Products (5)
apache_tomcat/apache_tomcat 5.0.16
sun/javamail 1.1.3
sun/javamail 1.2
sun/javamail 1.3
sun/javamail 1.3.2
Published Dec 31, 2005
Tracked Since Feb 18, 2026