393821 – (CVE-2007-6059) CVE-2007-6059 Javamail DoS

Bug 393821 (CVE-2007-6059) - CVE-2007-6059 Javamail DoS

Summary: CVE-2007-6059 Javamail DoS

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2007-6059
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:	http://archives.neohapsis.com/archive...
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-11-21 09:22 UTC by Marc Schoenefeld
Modified:	2019-09-29 12:22 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2010-12-22 23:21:08 UTC
Embargoed:

Attachments	(Terms of Use)

Description Marc Schoenefeld 2007-11-21 09:22:06 UTC

CVE Description: 

Javamail does not properly handle a series of invalid login attempts
in which the same e-mail address is entered as username and password,
and the domain portion of this address yields a Java
UnknownHostException error, which allows remote attackers to cause a
denial of service (connection pool exhaustion) via a large number of
requests, resulting in a SQLNestedException.

Comment 1 Robert Buchholz 2008-01-15 15:45:24 UTC

CVE was disputed, quoting:
Sun disputes this issue, stating "The report makes references to source code and
files that do not exist in the mentioned products."

Note You need to log in before you can comment on or make changes to this bug.