2549 matches found
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
Code injection
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
Code injection
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34149
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396
CVE-2023-34396 affects Apache Struts; a DoS condition arises when processing multipart requests with non-file fields, allowing remote attackers to exhaust resources. The entry covers Struts up to 2.5.30 and 6.1.2, with remediation by upgrading to Struts 2.5.31 or 6.1.2.1 (or later). IBM security ...
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34149 Apache Struts: DoS via OOM owing to not properly checking of list bounds
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34149 Apache Struts: DoS via OOM owing to not properly checking of list bounds
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34149
CVE-2023-34149 describes a denial-of-service flaw in Apache Struts caused by a vulnerability in how setProperty() is handled compared to getProperty(). The issue affects Struts up to 2.5.30 and up to 6.1.2, with remediation available by upgrading to Struts 2.5.31 or 6.1.2.1 (or greater). IBM and ...
Apache Struts 安全漏洞
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts denial of service...
Apache Struts 安全漏洞
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts there is a denial of...
Apache Struts Security Update (S2-063)
Apache Struts is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
Apache Struts Security Update (S2-064)
Apache Struts is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
Apache Struts 2.0.0 < 6.1.2.1 Denial of Service (S2-063)
The version of Apache Struts installed on the remote host is prior to 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-063 advisory. - WW-4620 added autoGrowCollectionLimit to XWorkListPropertyAccessor, but it only handles setProperty and not getProperty. This could...
PT-2023-3359 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Apache Struts versions through 2.5.30 Apache Struts versions through 6.1.2 Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a denial of service via out of memory OOM due to no...
PT-2023-3364 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts versions through 2.5.30 Apache Struts versions through 6.1.2 Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a denial of service via out of memory OOM due to not...
Apache Struts < 2.5.31 / 6.1.2.1 Denial of Service (S2-064)
The version of Apache Struts installed on the remote host is prior to 2.5.31 or 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-064 advisory. - When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checkin...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2015-1831)
Summary An Open Source Apache Struts vulnerability was disclosed in May 2015. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified vulnerability in Apache Struts related to incorrect ""excludeParams"" when the default...