Javamail does not properly handle a series of invalid login attempts
in which the same e-mail address is entered as username and password,
and the domain portion of this address yields a Java
UnknownHostException error, which allows remote attackers to cause a
denial of service (connection pool exhaustion) via a large number of
requests, resulting in a SQLNestedException.
CVE was disputed, quoting:
Sun disputes this issue, stating "The report makes references to source code and
files that do not exist in the mentioned products."