2549 matches found

Veracode
added 2023/12/07 9:57 a.m. | 26 views

Denial Of Services

org.apache.struts, struts2-core is vulnerable to Denial Of Services. The vulnerability exists due to the lack of a validated max string length limit in JakartaMultiPartRequest.java, which allows an attacker to cause an application crash by submitting large multipart requests...

CVSS 7.5 | AI score 6.5 | EPSS 0.06286
Exploits 0 | References 7 | Affected Software 1
vulnersOsv
added 2023/12/07 9:30 a.m. | 4 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +324 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=2.0.11 <=2.5.32)

org.apache.struts:struts2-core MAVEN version =2.0.11, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J39-QCJM-428W...

CVSS 9.8 | AI score 7.4 | EPSS 0.80819
Exploits 15
vulnersOsv
added 2023/12/07 9:30 a.m. | 2 views

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=6.0.0 <=6.3.0.1)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J...

CVSS 9.8 | AI score 7.4 | EPSS 0.80819
Exploits 15
OSV
added 2023/12/07 9:30 a.m. | 0 views

GHSA-2J39-QCJM-428W Apache Struts vulnerable to path traversal

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 9.8 | AI score 7.2 | EPSS 0.80819
Exploits 15 | References 10
Github Security Blog
added 2023/12/07 9:30 a.m. | 63 views

Apache Struts vulnerable to path traversal

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 9.8 | AI score 9.7 | EPSS 0.80819
Exploits 15 | References 10 | Affected Software 1
OSV
added 2023/12/07 9:15 a.m. | 35 views

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 9.8 | AI score 9.7
Exploits 0 | References 4
NVD
added 2023/12/07 9:15 a.m. | 23 views

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 9.8 | EPSS 0.80819
Exploits 15 | References 4
Prion
added 2023/12/07 9:15 a.m. | 33 views

Design/Logic Flaw

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 7.5 | AI score 7.3 | EPSS 0.80819
Exploits 15 | References 4 | Affected Software 1
UbuntuCve
added 2023/12/07 9:15 a.m. | 209 views

CVE-2023-50164

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

CVSS 9.8 | AI score 7.3 | EPSS 0.80819
Exploits 15 | References 4
Cvelist
added 2023/12/07 8:49 a.m. | 25 views

CVE-2023-50164 Apache Struts: File upload component had a directory traversal vulnerability

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this...

AI score 9.8 | EPSS 0.80819
Exploits 15 | References 4
CVE
added 2023/12/07 8:49 a.m. | 403 views

CVE-2023-50164

CVE-2023-50164 is an Apache Struts 2 directory traversal flaw in the file-upload parameter that can enable Remote Code Execution. Public details indicate exploitation attempts in the wild and advisories urging upgrading to Struts 2.5.33 or Struts 6.3.0.2 (or greater) to fix the issue. Affected co...

CVSS 9.8 | AI score 9.8 | EPSS 0.80819
Exploits 15 | References 4 | Affected Software 1
Circl
added 2023/12/07 4:00 a.m. | 8 views

CVE-2023-50164

creationtimestamp | type | source
---|---|---
2023-12-07 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1177
2023-12-08 14:17:07+00:00 | seen | https://t.me/ctinow/154174
2023-12-11 17:03:39+00:00 | seen | https://t.me/ctinow/154465
2023-12-11 17:25:08+00:00 | seen | ...

CVSS 9.8 | AI score 7.5 | EPSS 0.80819
Exploits 15 | References 50
CNNVD
added 2023/12/07 12:00 a.m. | 3 views

Apache Struts Security Vulnerability

Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java web applications, provided mainly in two versions, Struts 1 and Struts 2. Apache Struts suffers from a directory...

CVSS 9.8 | AI score 9.6 | EPSS 0.80819
Exploits 15 | References 11
NCSC
added 2023/12/07 12:00 a.m. | 6 views

Vulnerability fixed in Apache Struts

Apache Foundation has fixed a vulnerability in Struts. A malicious person with rights to upload files can exploit the vulnerability to upload a rogue file to potentially execute or cause to be executed arbitrary code within the application using Struts. Apache Foundation h...

CVSS 9.8 | AI score 9.5 | EPSS 0.80819
Exploits 15
Tenable Nessus
added 2023/12/07 12:00 a.m. | 91 views

Apache Struts 2.5.0 < 2.5.33 / 6.0.0 < 6.3.0.2 Remote Code Execution (S2-066)

The version of Apache Struts installed on the remote host is prior to 2.5.33 or 6.3.0.2. It is, therefore, affected by a vulnerability as referenced in the S2-066 advisory. - An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to...

CVSS 9.8 | AI score 8.8 | EPSS 0.80819
Exploits 15 | References 2
RedhatCVE
added 2023/12/05 12:40 p.m. | 55 views

CVE-2023-41835

A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...

CVSS 7.5 | AI score 6.8 | EPSS 0.06286
Exploits 0 | References 3
vulnersOsv
added 2023/12/05 9:33 a.m. | 6 views

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2.1)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-72...

CVSS 7.5 | AI score 7.2 | EPSS 0.06286
Exploits 0
vulnersOsv
added 2023/12/05 9:33 a.m. | 5 views

org.apache.struts:struts2-apps (>=6.2.0 <=6.3.0), org.apache.struts:struts2-assembly (>=6.2.0 <=6.3.0) +34 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.2.0 <=6.3.0)

org.apache.struts:struts2-core MAVEN version =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.2.0, =6.3.0 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-729Q-FCGP-R5XH...

CVSS 7.5 | AI score 7.1 | EPSS 0.06286
Exploits 0
OSV
added 2023/12/05 9:33 a.m. | 3 views

GHSA-729Q-FCGP-R5XH Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...

CVSS 7.5 | AI score 6.8 | EPSS 0.06286
Exploits 0 | References 9
Github Security Blog
added 2023/12/05 9:33 a.m. | 27 views

Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fi...

CVSS 7.5 | AI score 6.8 | EPSS 0.06286
Exploits 0 | References 9 | Affected Software 1