Lucene search

K

Veracode Vulnerability DatabaseVERACODE:7786

HistoryNov 14, 2018 - 2:32 a.m.

Denial Of Service (DoS)

2018-11-1402:32:14

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Apache Struts is vulnerable to denial of service. A remote attacker is able to cause a denial of service condition using a multipart/form-data encoded form with a parameter name that references the getMultipartRequestHandler function which provides access to elements in CommonsMultipartRequestHandler and BeanUtils.

CPENameOperatorVersion
strutsle1.2.8

References

issues.apache.org/bugzilla/show_bug.cgi?id=38534

lists.suse.com/archive/suse-security-announce/2006-May/0004.html

secunia.com/advisories/19493

secunia.com/advisories/20117

securitytracker.com/id?1015856

struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

www.securityfocus.com/bid/17342

www.vupen.com/english/advisories/2006/1205

bugzilla.redhat.com/show_bug.cgi?id=187542

bugzilla.redhat.com/show_bug.cgi?id=187544

exchange.xforce.ibmcloud.com/vulnerabilities/25613

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

Related for VERACODE:7786

attackerkb1 checkpoint_advisories1 prion1 nessus1 cve1 github1 cisa_kev1 osv1 ubuntucve1 threatpost1 openvas2 redhat1 cisa1 ibm1