11 matches found
Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service
Summary IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...
Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.
Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...
Atlassian Confluence 1.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94106)
The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94106 advisory. - This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 1.0.1 of Confluence Data Center and...
CVE-2023-41835
A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2.1)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-72...
CVE-2023-41835
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
CVE-2023-41835 Apache Struts: excessive disk usage
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
CVE-2023-41835
Apache Struts vulnerability CVE-2023-41835 arises from incomplete cleanup of the struts.multipart.saveDir after a denied multipart upload, enabling denial of service. IBM/Atlassian advisories confirm impact and list affected Struts versions and products (e.g., Struts 2.x; Struts 2.5.32, 6.1.2.2, ...
CVE-2023-41835 Apache Struts: excessive disk usage
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...
K000136957: Apache struts vulnerability CVE-2023-41835
Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...
Apache Struts 2.0.0 < 2.5.32 / 6.0.0 < 6.3.0.1 Denial of Service (S2-065)
The version of Apache Struts installed on the remote host is prior to 2.5.32 or 6.3.0.1. It is, therefore, affected by a vulnerability as referenced in the S2-065 advisory. - When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remai...