Lucene search
K

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/11/14 3:53 p.m.17 views

Security Bulletin: IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service

Summary IBM B2B File Gateway is affected by Apache Struts vulnerability to denial of service Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload reques...

7.5CVSS6.7AI score0.06286EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/04/18 12:30 p.m.57 views

Security Bulletin: Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager.

Summary Vulnerabilities in Apache Struts affect IBM Tivoli Application Dependency Discovery Manager CVE-2023-41835, CVE-2023-50164 This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2023-41835 DESCRIPTION: Apache Struts is vulnerable to a deni...

9.8CVSS9.4AI score0.80819EPSS
Exploits15Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/28 12:0 a.m.26 views

Atlassian Confluence 1.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94106)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94106 advisory. - This High severity org.apache.struts:struts2-core Dependency vulnerability was introduced in versions 1.0.1 of Confluence Data Center and...

7.5CVSS7.3AI score0.06286EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2023/12/05 12:40 p.m.56 views

CVE-2023-41835

A flaw was found in struts. When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'struts.multipart.saveDir', even if the request has been denied...

7.5CVSS6.8AI score0.06286EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2023/12/05 9:33 a.m.10 views

com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-41835 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2.1)

org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-41835 Source advisory: OSV:GHSA-72...

7.5CVSS7.2AI score0.06286EPSS
Exploits0
NVD
NVD
added 2023/12/05 9:15 a.m.30 views

CVE-2023-41835

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

7.5CVSS0.06286EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/12/05 8:37 a.m.5 views

CVE-2023-41835 Apache Struts: excessive disk usage

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

7.5AI score0.06286EPSS
Exploits0References2
CVE
CVE
added 2023/12/05 8:37 a.m.128 views

CVE-2023-41835

Apache Struts vulnerability CVE-2023-41835 arises from incomplete cleanup of the struts.multipart.saveDir after a denied multipart upload, enabling denial of service. IBM/Atlassian advisories confirm impact and list affected Struts versions and products (e.g., Struts 2.x; Struts 2.5.32, 6.1.2.2, ...

7.5CVSS7.3AI score0.06286EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/12/05 8:37 a.m.29 views

CVE-2023-41835 Apache Struts: excessive disk usage

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which...

7.6AI score0.06286EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/09/22 6:12 p.m.32 views

K000136957: Apache struts vulnerability CVE-2023-41835

Security Advisory Description When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Strut...

7.5CVSS7.4AI score0.06286EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/09/13 12:0 a.m.68 views

Apache Struts 2.0.0 < 2.5.32 / 6.0.0 < 6.3.0.1 Denial of Service (S2-065)

The version of Apache Struts installed on the remote host is prior to 2.5.32 or 6.3.0.1. It is, therefore, affected by a vulnerability as referenced in the S2-065 advisory. - When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remai...

7.5CVSS7.2AI score0.06286EPSS
Exploits0References2
Rows per page
Query Builder