Apache Struts getMultipartRequestHandler() Function Crafted Request DoS

ID OSVDB:24364
Type osvdb
Reporter OSVDB
Modified 2006-02-06T10:17:36


Solution Description

Upgrade to version 1.2.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


Vendor URL: http://struts.apache.org/ Vendor Specific News/Changelog Entry: http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html Vendor Specific News/Changelog Entry: http://issues.apache.org/bugzilla/show_bug.cgi?id=38534 Security Tracker: 1015856 Secunia Advisory ID:20117 Secunia Advisory ID:19493 Related OSVDB ID: 24365 Related OSVDB ID: 24363 Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html CVE-2006-1547 Bugtraq ID: 17342