What is the severity of CVE-2005-1754?

CVE-2005-1754 has been disputed, with no consensus on its severity from Sun and Apache.

How do I fix CVE-2005-1754?

To mitigate CVE-2005-1754, consider updating to a more recent version of Apache Tomcat or JavaMail that addresses this vulnerability.

Which versions of Apache Tomcat are affected by CVE-2005-1754?

CVE-2005-1754 affects Apache Tomcat version 5.0.16.

Which versions of JavaMail are affected by CVE-2005-1754?

CVE-2005-1754 affects JavaMail versions 1.1.3, 1.2, 1.3, and 1.3.2.

Can remote attackers exploit CVE-2005-1754?

Yes, remote attackers can exploit CVE-2005-1754 to read arbitrary files via a crafted Download parameter.

Vulnerability/
CVE-2005-1754

medium

CWE

200

31/12/2005

21/5/2006

7/8/2024

CVE-2005-1754: Infoleak

First published: Sat Dec 31 2005(Updated: )

** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Red Hat Javamail	=1.1.3
Red Hat Javamail	=1.3
Red Hat Javamail	=1.2
Apache Tomcat	=5.0.16
Red Hat Javamail	=1.3.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2005-1754?
CVE-2005-1754 has been disputed, with no consensus on its severity from Sun and Apache.
How do I fix CVE-2005-1754?
To mitigate CVE-2005-1754, consider updating to a more recent version of Apache Tomcat or JavaMail that addresses this vulnerability.
Which versions of Apache Tomcat are affected by CVE-2005-1754?
CVE-2005-1754 affects Apache Tomcat version 5.0.16.
Which versions of JavaMail are affected by CVE-2005-1754?
CVE-2005-1754 affects JavaMail versions 1.1.3, 1.2, 1.3, and 1.3.2.
Can remote attackers exploit CVE-2005-1754?
Yes, remote attackers can exploit CVE-2005-1754 to read arbitrary files via a crafted Download parameter.

agent/type
agent/first-publish-date
agent/weakness
agent/references
agent/severity
agent/description
agent/status
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
agent/tags
agent/author
agent/softwarecombine
collector/nvd-historical
vendor/sun
vendor/javamail
vendor/apache tomcat
agent/software-canonical-lookup-request
collector/nvd-index
collector/nvd-api
source/NVD
agent/software-canonical-lookup
canonical/red hat javamail
version/red hat javamail/1.1.3
version/red hat javamail/1.3
version/red hat javamail/1.2
canonical/apache tomcat
version/apache tomcat/5.0.16
version/red hat javamail/1.3.2
status/disputed

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.