CVE-2005-1754

Name of the Vulnerable Software and Affected Versions JavaMail API versions 1.1.3 through 1.3

Description The issue allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. It is worth noting that Sun and Apache dispute this issue, with Sun stating that the report references non-existent source code and files in the mentioned products.

Recommendations For JavaMail API versions 1.1.3 through 1.3, as a temporary workaround, consider restricting access to the Download parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.