The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Oracle JavaMail

Oracle JavaMail: header injection via msg.setFrom
An attacker, who is allowed to choose the email sender, can use a line feed, in order to force the msg.setFrom() method of Oracle JavaMail to inject an header...
7529, VIGILANCE-VUL-20363
Oracle JavaMail: information disclosure via Message-Id
An attacker, who receives or processes an email generated by Oracle JavaMail, can thus read its Message-Id, in order to obtain sensitive information...
VIGILANCE-VUL-16637
Oracle JavaMail: injection of SMTP header via setSubject
An attacker, who is allowed to choose the subject of an email, can use a line feed, in order to force the setSubject() method of Oracle JavaMail to inject a new SMTP header...
CSNC-2014-001, VIGILANCE-VUL-14768
Our database contains other pages. You can request a free trial to read them.

Display information about Oracle JavaMail: