1986 matches found
CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34396
CVE-2023-34396 affects Apache Struts; a DoS condition arises when processing multipart requests with non-file fields, allowing remote attackers to exhaust resources. The entry covers Struts up to 2.5.30 and 6.1.2, with remediation by upgrading to Struts 2.5.31 or 6.1.2.1 (or later). IBM security ...
CVE-2023-34149 Apache Struts: DoS via OOM owing to not properly checking of list bounds
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...
CVE-2023-34149
CVE-2023-34149 describes a denial-of-service flaw in Apache Struts caused by a vulnerability in how setProperty() is handled compared to getProperty(). The issue affects Struts up to 2.5.30 and up to 6.1.2, with remediation available by upgrading to Struts 2.5.31 or 6.1.2.1 (or greater). IBM and ...
Apache Struts Security Update (S2-064)
Apache Struts is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
Apache Struts Security Vulnerability
Apache Struts is an open source project of the Apache Foundation (United States): an open source MVC framework for creating enterprise-class Java Web applications. It is mainly provided as two framework products, Struts 1 and Struts 2. Apache Struts has a denial of...
Apache Struts Security Update (S2-063)
Apache Struts is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...
PT-2023-3359 · Apache +1 · Apache Struts +1
Name of the Vulnerable Software and Affected Versions: Apache Struts versions through 2.5.30; Apache Struts versions through 6.1.2. Description: The issue is related to the allocation of resources without limits or throttling, which can lead to a denial of service via out of memory (OOM) due to no...
Apache Struts < 2.5.31 / 6.1.2.1 Denial of Service (S2-064)
The version of Apache Struts installed on the remote host is prior to 2.5.31 or 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-064 advisory. - When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checkin...
Apache Struts 2.0.0 < 6.1.2.1 Denial of Service (S2-063)
The version of Apache Struts installed on the remote host is prior to 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-063 advisory. - WW-4620 added autoGrowCollectionLimit to XWorkListPropertyAccessor, but it only handles setProperty and not getProperty. This could...
Security Bulletin: Multiple vulnerabilities in Apache Struts affect SAN Volume Controller, Storwize family and FlashSystem V9000 products
Summary Open Source Apache Struts vulnerabilities were disclosed in June 2016. Struts is used by SAN Volume Controller, Storwize family and FlashSystem V9000 products in their Service Assistant GUI. The CVEs are CVE-2016-4430, CVE-2016-4431, CVE-2016-4433 and CVE-2016-4436. Vulnerability Details CVEID:...
Security Bulletin: Security bypass vulnerability in SAN Volume Controller and Storwize Family (CVE-2014-0094)
Summary Apache Struts ParametersInterceptor security bypass. Vulnerability Details CVEID: CVE-2014-0094 DESCRIPTION: Apache Strut...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5638)
Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products allowing arbitrary code execution. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2017-5638 DESCRIPTION:...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2016-4461)
Summary A vulnerability in the Apache Struts component affects the Service Assistant GUI of SAN Volume Controller, Storwize family and FlashSystem V9000 products. The Command Line Interface is unaffected. Vulnerability Details CVEID: CVE-2016-4461 DESCRIPTION: Apache Struts could allow a remote...
Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller and Storwize Family (CVE-2015-5209)
Summary An Open Source Apache Struts vulnerability was disclosed in September 2015. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2015-5209 DESCRIPTION: Apache Struts could allow a remote attacker to gain unauthorized access to the system. An attack...
Security Bulletin: Vulnerabilities in Apache Struts affect SAN Volume Controller and Storwize Family (CVE-2016-0785 CVE-2016-2162)
Summary Open Source Apache Struts vulnerabilities were disclosed in March 2016. Struts is used by SAN Volume Controller and Storwize Family in its Service Assistant GUI. Vulnerability Details CVEID: CVE-2016-0785 DESCRIPTION: Apache Struts could allow a remote attacker to execute arbitrary code o...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2015-1831)
Summary An Open Source Apache Struts vulnerability was disclosed in May 2015. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details CVEID: CVE-2015-1831 DESCRIPTION: An unspecified vulnerability in Apache Struts related to incorrect "excludeParams" when the default...
Security Bulletin: Vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products (CVE-2018-11776)
Summary A vulnerability in Apache Struts affects IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 and 9100 family products. Apache Struts is used in the Service Assistant GUI...