2549 matches found
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
Design/Logic Flaw
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
CVE-2023-41835 Apache Struts: excessive disk usage
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
Apache Struts Security Vulnerabilities
Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java web applications, offered mainly in two versions, Struts 1 and Struts 2. Apache Struts has a security...
PT-2023-7502 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts versions 2.0.0 through 2.5.32; Apache Struts versions 6.0.0 through 6.3.0.1. Description: A critical vulnerability has been identified in Apache Struts, allowing attackers to manipulate file upload parameters and enable path...
net.chronakis.tiles-dynamic:tiles-dynamic-example (=1.3), net.chronakis.tiles-dynamic:tiles-dynamic-lib (=1.3) +14 more potentially affected by CVE-2023-49735 via org.apache.struts:struts-tiles (=1.3.10)
org.apache.struts:struts-tiles MAVEN version =1.3.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.struts:struts-tiles and may be impacted: - net.chronakis.tiles-dynamic:tiles-dynamic-example =1.3 -...
com.addc:addc-svr-struts12 (>=2.5 <=2.6.1), com.addc:addc-web-struts12 (>=2.5 <=2.6.1) +75 more potentially affected by CVE-2023-49735 via struts:struts (>=1.1 <=1.2.9)
struts:struts MAVEN version =1.1, =2.5, =2.5, =0.8-M1, =0.9.0, =5.0, =5.0, =4.0.3, =4.0.4 - nanocontainer:nanocontainer-nanowar-sample =1.0-RC-1 and more Source cves: CVE-2023-49735 Source advisory: OSV:GHSA-QW4H-3XJJ-84CC...
Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI (CVE-2023-41835)
Summary: Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component. The fix includes Apache Struts v2.5.32. Vulnerability Details: CVEID: CVE-2023-41835. DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the...
CVE-2023-6308
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...
Out-of-bounds
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...
CVE-2023-6308 Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload
A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestricted upload. The attack may be launched...
CVE-2023-6308
The CVE-2023-6308 entry concerns Xiamen Four-Faith Video Surveillance Management System (2016/2017) with a vulnerability in the Apache Struts component that permits unrestricted file uploads. Exploitation can be remote and public disclosure exists. Several connected sources (Red Hat, CVE.org/CNNV...
PT-2023-32608 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Xiamen Four-Faith Video Surveillance Management System versions 2016 through 2017. Description: A critical issue has been found in the Apache Struts component of the system, allowing for unrestricted upload. The attack can be launched remotely...
DoS (Denial of Service) apache-struts in Bamboo Data Center and Server
This High severity Third-Party Dependency vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 of Bamboo Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...
SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...
F5 Networks BIG-IP : Apache Struts vulnerabilities (K24608264)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the K24608264 advisory. - Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code executio...