CVE-2005-1753

Name of the Vulnerable Software and Affected Versions JavaMail API versions 1.1.3 through 1.3

Description The issue allows remote attackers to view other users' e-mail attachments via a direct request to "/mailboxesdir/username@domainname". This is related to the ReadMessage.jsp file in the JavaMail API. Note that Sun and Apache dispute this issue, with Sun stating that the report references non-existent source code and files in the mentioned products.

Recommendations For JavaMail API versions 1.1.3 through 1.3, consider restricting access to the ReadMessage.jsp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.