Bug 393821 - (CVE-2007-6059) CVE-2007-6059 Javamail DoS
CVE-2007-6059 Javamail DoS
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On:
  Show dependency treegraph
Reported: 2007-11-21 04:22 EST by Marc Schoenefeld
Modified: 2010-12-22 18:21 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-12-22 18:21:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marc Schoenefeld 2007-11-21 04:22:06 EST
CVE Description: 

Javamail does not properly handle a series of invalid login attempts
in which the same e-mail address is entered as username and password,
and the domain portion of this address yields a Java
UnknownHostException error, which allows remote attackers to cause a
denial of service (connection pool exhaustion) via a large number of
requests, resulting in a SQLNestedException.
Comment 1 Robert Buchholz 2008-01-15 10:45:24 EST
CVE was disputed, quoting:
Sun disputes this issue, stating "The report makes references to source code and
files that do not exist in the mentioned products."

Note You need to log in before you can comment on or make changes to this bug.