subject:"\[FD\] JavaMail SMTP Header Injection via method setSubject \[CSNC\-2014\-001\]"

Re: [FD] JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

2014-05-30 Thread Manu Carus

Hi all, can anyone say how far a unicode encoding of the subject header is affected by the problem? A mitigation in a Java application, e.g. like String cleanSubject = subject.replace("\n", " ").replace("\r", " "); might not be a good solution, since SMTP header values may be expressed as unic

[FD] JavaMail SMTP Header Injection via method setSubject [CSNC-2014-001]

2014-05-19 Thread Alexandre Herzog

# # # COMPASS SECURITY ADVISORY # http://www.csnc.ch/en/downloads/advisories.html # # # # Product: JavaMail # Vendor: Oracle # CSNC ID: CSNC-2014-001 # CVD ID: