The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle JavaMail

vulnerability bulletin 20363

Oracle JavaMail: header injection via msg.setFrom

Synthesis of the vulnerability

An attacker, who is allowed to choose the email sender, can use a line feed, in order to force the msg.setFrom() method of Oracle JavaMail to inject a header.
Impacted products: Oracle JavaMail.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user account.
Creation date: 11/08/2016.
Identifiers: 7529, VIGILANCE-VUL-20363.

Description of the vulnerability

The Oracle JavaMail product is used by Java applications to send an email.

The msg.setFrom() method defines the email sender. However, line feeds are not filtered in the sender name. For example, "My Name \nX-SomeHeader: somedata" injects the "X-SomeHeader: somedata" header.

An attacker, who is allowed to choose the email sender, can therefore use a line feed, in order to force the msg.setFrom() method of Oracle JavaMail to inject a header.

computer vulnerability announcement 16637

Oracle JavaMail: information disclosure via Message-Id

Synthesis of the vulnerability

An attacker, who receives or processes an email generated by Oracle JavaMail, can thus read its Message-Id, in order to obtain sensitive information.
Impacted products: Oracle JavaMail.
Severity: 2/4.
Consequences: data reading.
Provenance: document.
Creation date: 16/04/2015.
Identifiers: VIGILANCE-VUL-16637.

Description of the vulnerability

The Oracle JavaMail product implements the messaging client.

The Message-Id header of an email contains an identifier unique for each email. For example:
  Message-ID: <random-local-part@example.host>

However, JavaMail builds this identifier using the name of the current user.

An attacker, who receives or processes an email generated by Oracle JavaMail, can thus read its Message-Id, in order to obtain sensitive information.
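One way to keep the local user name out of outgoing Message-ID headers is to generate the identifier yourself. The class below is an added example written for this page, not code from the bulletin or from JavaMail: it assumes the javax.mail API, overrides the protected MimeMessage.updateMessageID() hook that JavaMail calls from saveChanges(), and builds the local part from random bytes plus a domain you choose (the domain name "mail.example.org" is a placeholder).

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;

/**
 * MimeMessage subclass whose Message-ID is derived from random bytes and a
 * configured domain, instead of from the local user name and host.
 * Illustrative example; not part of JavaMail.
 */
public class OpaqueIdMimeMessage extends MimeMessage {
    private static final SecureRandom RNG = new SecureRandom();
    private final String idDomain;  // assumed: a domain you control, e.g. "mail.example.org"

    public OpaqueIdMimeMessage(Session session, String idDomain) {
        super(session);
        this.idDomain = idDomain;
    }

    /** Builds "<base64url(18 random bytes)@domain>"; reveals nothing about the sender's account. */
    static String newMessageId(String domain) {
        byte[] raw = new byte[18];
        RNG.nextBytes(raw);
        String local = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        return "<" + local + "@" + domain + ">";
    }

    /** JavaMail calls this from updateHeaders()/saveChanges(); replace the default derivation. */
    @Override
    protected void updateMessageID() throws MessagingException {
        setHeader("Message-ID", newMessageId(idDomain));
    }

    public static void main(String[] args) throws Exception {
        Session session = Session.getInstance(new Properties());
        OpaqueIdMimeMessage msg = new OpaqueIdMimeMessage(session, "mail.example.org");
        msg.setText("constructed sample body");
        msg.saveChanges();  // triggers updateHeaders(), which calls updateMessageID()
        // Prints a header such as <kJ3...random...@mail.example.org>, with no user name in it
        System.out.println(msg.getHeader("Message-ID", null));
    }
}
```

Because saveChanges() regenerates the header each time, the override takes effect for every message built through this class; verify it by inspecting the Message-ID on a sent message rather than trusting the default.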

computer vulnerability bulletin 14768

Oracle JavaMail: injection of SMTP header via setSubject

Synthesis of the vulnerability

An attacker, who is allowed to choose the subject of an email, can use a line feed, in order to force the setSubject() method of Oracle JavaMail to inject a new SMTP header.
Impacted products: Oracle JavaMail.
Severity: 2/4.
Consequences: data creation/edition, data flow.
Provenance: document.
Creation date: 20/05/2014.
Identifiers: CSNC-2014-001, VIGILANCE-VUL-14768.

Description of the vulnerability

The Oracle JavaMail product is used by Java applications to send an email.

The setSubject() method defines the email subject. However, line feeds are not filtered. For example, the subject "test\r\nCc: email" injects a new Cc header.

An attacker, who is allowed to choose the subject of an email, can therefore use a line feed, in order to force the setSubject() method of Oracle JavaMail to inject a new SMTP header.
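The two injection bulletins above (setFrom and setSubject) share one root cause: a caller passes a user-controlled value containing CR or LF straight into a header-setting method. The guard below is an added example for this page, not JavaMail code and not taken from the bulletins; it assumes the javax.mail API and wraps setSubject()/setFrom() so that any value with a line break or other control character is rejected before a header is written. The addresses and subjects used in main() are constructed sample values.

```java
import java.util.Properties;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;

/**
 * Guarded wrappers around setSubject()/setFrom() that refuse any value
 * containing CR, LF or other control characters, so a payload such as
 * "test\r\nCc: ..." can never become an extra header line.
 * Illustrative example; not part of JavaMail.
 */
public final class HeaderSafeMail {

    /** True if the value is a single logical header line: no CR, LF, C0 controls (tab excepted) or DEL. */
    static boolean isSingleLine(String value) {
        if (value == null) return false;
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || (c < 0x20 && c != '\t') || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    static String requireSingleLine(String value, String field) {
        if (!isSingleLine(value)) {
            throw new IllegalArgumentException(field + " must not contain line breaks or control characters");
        }
        return value;
    }

    static void setSubjectChecked(MimeMessage msg, String subject) throws MessagingException {
        msg.setSubject(requireSingleLine(subject, "subject"), "UTF-8");
    }

    static void setFromChecked(MimeMessage msg, String address, String personal) throws MessagingException {
        requireSingleLine(address, "from address");
        requireSingleLine(personal, "from personal name");
        InternetAddress from;
        try {
            from = new InternetAddress(address, personal, "UTF-8");
            from.validate();  // syntax check on the address part (throws AddressException)
        } catch (java.io.UnsupportedEncodingException e) {
            throw new MessagingException("unsupported charset", e);
        }
        msg.setFrom(from);
    }

    public static void main(String[] args) throws Exception {
        Session session = Session.getInstance(new Properties());
        MimeMessage msg = new MimeMessage(session);
        setFromChecked(msg, "alerts@example.org", "Alerts");   // accepted
        setSubjectChecked(msg, "Weekly report");               // accepted

        // The shapes quoted in the bulletins are rejected before any header is touched.
        String[] rejected = {"test\r\nCc: other@example.org", "My Name \nX-SomeHeader: somedata"};
        for (String bad : rejected) {
            try {
                setSubjectChecked(msg, bad);
                System.out.println("UNEXPECTED: accepted " + bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        System.out.println("Subject header: " + msg.getHeader("Subject", null));  // Weekly report
        System.out.println("From header:    " + msg.getHeader("From", null));
    }
}
```

Rejecting rather than stripping is the safer choice: silently removing CR/LF can leave a value that still reads as an injected header once JavaMail folds or re-encodes it, whereas a thrown exception also gives you a log event worth alerting on, since legitimate subjects and sender names never contain line breaks.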