Vulnerability Description
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Solstice | Solstice Internet Mail Server | pop3_2.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=111653029605189&w=2
- http://www.vupen.com/english/advisories/2005/0574Vendor Advisory
- http://marc.info/?l=bugtraq&m=111653029605189&w=2
- http://www.vupen.com/english/advisories/2005/0574Vendor Advisory
FAQ
What is CVE-2005-1682?
CVE-2005-1682 is a vulnerability with a CVSS score of 2.1 (LOW). JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remot...
How severe is CVE-2005-1682?
CVE-2005-1682 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1682?
Check the references section above for vendor advisories and patch information. Affected products include: Solstice Solstice Internet Mail Server.