Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-7QWV-CWGJ-C8RJ
HistoryMay 01, 2022 - 6:50 a.m.

Improper Input Validation in Apache Struts

2022-05-0106:50:42
CWE-20
GitHub Advisory Database
github.com
14

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CPENameOperatorVersion
struts:strutslt1.2.9

Related

veracode 1
cisa_kev 1
attackerkb 1
checkpoint_advisories 1
prion 1
nessus 1
cve 1
ubuntucve 1
osv 1
openvas 2
threatpost 1
redhat 1
cisa 1
ibm 1
veracode
veracode
Denial Of Service (DoS)
2018-11-14 02:32:14
cisa_kev
cisa_kev
Apache Struts 1 ActionForm Denial-of-Service Vulnerability
2022-01-21 00:00:00
attackerkb
attackerkb
CVE-2006-1547
2006-03-30 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Struts Denial of Service (CVE-2006-1547)
2022-03-01 00:00:00
prion
prion
Information disclosure
2006-03-30 22:02:00
nessus
nessus
Apache Struts 1.x < 1.2.9 Denial of Service (CVE-2006-1547)
2023-01-30 00:00:00
cve
cve
CVE-2006-1547
2006-03-30 22:02:00
ubuntucve
ubuntucve
CVE-2006-1547
2006-03-30 00:00:00
osv
osv
Improper Input Validation in Apache Struts
2022-05-01 06:50:42
openvas
openvas
Apache Struts Security Update (CVE-2006-1546, CVE-2006-1547, CVE-2006-1548)
2021-09-16 00:00:00
Apache Struts XSS Vulnerability (CVE-2006-1546, CVE-2006-1547, CVE-2006-1548)
2021-09-16 00:00:00
threatpost
threatpost
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
2022-04-22 10:56:16
redhat
redhat
(RHSA-2006:0281) struts security update for Red Hat Application Server
2006-05-03 00:00:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-01-21 00:00:00
ibm
ibm
Security Bulletin: Multiple CVEs affect IBM Integration Designer
2023-02-01 19:40:57

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for GHSA-7QWV-CWGJ-C8RJ
veracode1cisa_kev1attackerkb1checkpoint_advisories1prion1nessus1cve1ubuntucve1osv1openvas2threatpost1redhat1cisa1ibm1