Lucene search
K

16 matches found

RedhatCVE
RedhatCVE
added 2025/02/13 9:6 p.m.7 views

CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

7.5CVSS6.6AI score0.05467EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2024/02/22 4:27 p.m.28 views

Security Bulletin: Due to use of Apache Struts, IBM Sterling File Gateway is affected by denial of service vulnerabilities (CVE-2023-34149, CVE-2023-34396)

Summary IBM Sterling File Gateway uses Apache Struts. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not...

7.5CVSS5.8AI score0.05467EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/16 12:18 a.m.37 views

Security Bulletin: Vulnerabilities in Apache Struts library affect Tivoli Netcool/OMNIbus WebGUI

Summary Apache Struts is used by Tivoli Netcool/OMNIbus WebGUI as part of its web client component CVE-2023-34149, CVE-2023-34396 Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when processing Multipart request containi...

7.5CVSS5.7AI score0.05467EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/04 11:20 a.m.49 views

Security Bulletin: CVE-2023-34396 may affect Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint.

Summary CVE-2023-34396 reported in Apache Struts used by Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint Vulnerability Details CVEID:CVE-2023-34396 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw when...

7.5CVSS5.7AI score0.05467EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:1 a.m.37 views

Security Bulletin: Apache Struts Vulerability Affects IBM eDiscovery Manager (CVE-2023-34149, CVE-2023-34396)

Summary Multiple vulnerabilities in Apache Struts 2.5.30 may affect IBM eDiscovery Manager. Vulnerability Details CVEID:CVE-2023-34149 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by a flaw with only handling setProperty but not getProperty. By sending a specially craft...

7.5CVSS6.2AI score0.05467EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/06/27 4:35 p.m.29 views

K000135251: Apache Struts vulnerability CVE-2023-34396

Security Advisory Description Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater CVE-2023-34396 Impact There is no impact; F5...

7.5CVSS7.6AI score0.05467EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/06/15 12:54 a.m.2 views

SUSE CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

7.5CVSS7AI score0.05467EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/06/14 9:30 a.m.5 views

be.objectify:objectify-struts2-tags (=1.0), br.net.woodstock.rockframework:rockframework-struts2 (>=2.0.0 <=2.0.8) +300 more potentially affected by CVE-2023-34396 via org.apache.struts:struts2-core (>=2.0.5 <=2.5.30)

org.apache.struts:struts2-core MAVEN version =2.0.5, =2.0.0, =1.2.1, =1.5.3, =1.5.3, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.2, =1.0, =1.0, =1.0, =1.0.4 and more Source cves: CVE-2023-34396 Source advisory: OSV:GHSA-4G42-GQRG-4633...

7.5CVSS7.2AI score0.05467EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2023/06/14 9:30 a.m.8 views

com.addc:addc-svr-struts12 (>=2.5 <=2.6.1), com.addc:addc-web-struts12 (>=2.5 <=2.6.1) +75 more potentially affected by CVE-2023-34396 via struts:struts (>=1.1 <=1.2.9)

struts:struts MAVEN version =1.1, =2.5, =2.5, =0.8-M1, =0.9.0, =5.0, =5.0, =4.0.3, =4.0.4 - nanocontainer:nanocontainer-nanowar-sample =1.0-RC-1 and more Source cves: CVE-2023-34396 Source advisory: OSV:GHSA-4G42-GQRG-4633...

7.5CVSS7.1AI score0.05467EPSS
Exploits0
NVD
NVD
added 2023/06/14 8:15 a.m.18 views

CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

7.5CVSS5.7AI score0.05467EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2023/06/14 8:15 a.m.24 views

CVE-2023-34396

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

7.5CVSS7.1AI score0.05467EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/14 7:50 a.m.22 views

CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

4.3CVSS6.7AI score0.05467EPSS
Exploits0References3
CVE
CVE
added 2023/06/14 7:50 a.m.129 views

CVE-2023-34396

CVE-2023-34396 affects Apache Struts; a DoS condition arises when processing multipart requests with non-file fields, allowing remote attackers to exhaust resources. The entry covers Struts up to 2.5.30 and 6.1.2, with remediation by upgrading to Struts 2.5.31 or 6.1.2.1 (or later). IBM security ...

7.5CVSS5.7AI score0.05467EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/06/14 7:50 a.m.21 views

CVE-2023-34396 Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater...

4.3CVSS7.7AI score0.05467EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2023/06/14 12:0 a.m.12 views

Apache Struts Security Update (S2-064)

Apache Struts is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:struts";...

7.5CVSS7.4AI score0.05467EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/06/13 12:0 a.m.25 views

Apache Struts < 2.5.31 / 6.1.2.1 Denial of Service (S2-064)

The version of Apache Struts installed on the remote host is prior to 2.5.31 or 6.1.2.1. It is, therefore, affected by a vulnerability as referenced in the S2-064 advisory. - When a Multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checkin...

7.5CVSS7.5AI score0.05467EPSS
Exploits0References2
Rows per page
Query Builder