Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header.
Discovery is credited to Rafael San Miguel Carrasco.
Sun JavaMail 1.3.2
Sun JavaMail is prone to a directory traversal vulnerability. This arises because the API fails to properly validate filenames in email attachments received by the applet.
This issue was reported to affect JavaMail 1.3.2; however, earlier versions may also be vulnerable.
An exploit is not required.
The following example was provided:
Currently we are not aware of any vendor-supplied patches for this issue.