Lucene search

[email protected]CVE-2006-1547

HistoryMar 30, 2006 - 10:02 p.m.

CVE-2006-1547

2006-03-3022:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

869

In Wild

cve-2006-1547

apache struts

asf

denial of service

remote attackers

beanutils

7.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CPENameOperatorVersion
apache:strutsapache strutsle1.2.8
apache:strutsapache strutseq1.2.7

CPE	Name	Operator	Version
apache:struts	apache struts	le	1.2.8
apache:struts	apache struts	eq	1.2.7

References

issues.apache.org/bugzilla/show_bug.cgi?id=38534

lists.suse.com/archive/suse-security-announce/2006-May/0004.html

secunia.com/advisories/19493

secunia.com/advisories/20117

securitytracker.com/id?1015856

struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

www.securityfocus.com/bid/17342

www.vupen.com/english/advisories/2006/1205

exchange.xforce.ibmcloud.com/vulnerabilities/25613

Social References

7.7 High

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

Related for CVE-2006-1547

attackerkb1 checkpoint_advisories1 prion1 nessus1 github1 veracode1 cisa_kev1 ubuntucve1 osv1 openvas2 threatpost1 redhat1 cisa1 ibm1