CVE-2006-4951

Name of the Vulnerable Software and Affected Versions Neon WebMail for Java versions prior to 5.08

Description The issue allows remote attackers to execute arbitrary Java code by sending an e-mail message with a JSP file attachment. This attachment is stored under the web root with a predictable filename, enabling the execution of malicious code.

Recommendations For versions prior to 5.08, update to version 5.08 or later to resolve the issue. As a temporary workaround, consider restricting the ability to send email messages with JSP file attachments to minimize the risk of exploitation.