cvelist Apache CVELIST:CVE-2023-34149
History: Jun 14, 2023 - 7:48 a.m.

CVE-2023-34149 Apache Struts: DoS via OOM owing to not properly checking of list bounds

2023-06-14 07:48:54
CWE-770
apache
www.cve.org
cve-2023-34149
apache struts
dos
out of memory
resource allocation

CVSS3: 4.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score: 6.8 Medium (Confidence: High)

EPSS: 0.012 Low (Percentile: 84.9%)

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Apache Struts",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.5.30",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.1.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]