Bug 393821 (CVE-2007-6059) - CVE-2007-6059 Javamail DoS
Summary: CVE-2007-6059 Javamail DoS
Alias: CVE-2007-6059
Product: Security Response
Classification: Other
Component: vulnerability   
(Show other bugs)
Version: unspecified
Hardware: All Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://archives.neohapsis.com/archive...
Whiteboard: source=bugtraq,reported=20071116,publ...
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2007-11-21 09:22 UTC by Marc Schoenefeld
Modified: 2010-12-22 23:21 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2010-12-22 23:21:08 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Marc Schoenefeld 2007-11-21 09:22:06 UTC
CVE Description: 

Javamail does not properly handle a series of invalid login attempts
in which the same e-mail address is entered as username and password,
and the domain portion of this address yields a Java
UnknownHostException error, which allows remote attackers to cause a
denial of service (connection pool exhaustion) via a large number of
requests, resulting in a SQLNestedException.

Comment 1 Robert Buchholz 2008-01-15 15:45:24 UTC
CVE was disputed, quoting:
Sun disputes this issue, stating "The report makes references to source code and
files that do not exist in the mentioned products."

Note You need to log in before you can comment on or make changes to this bug.