cvelist | Apache | CVELIST:CVE-2023-41835
Dec 05, 2023 - 8:37 a.m.

CVE-2023-41835 Apache Struts: excessive disk usage

2023-12-05 08:37:31
CWE-459
apache
www.cve.org
apache struts
security vulnerability
excessive disk usage
upgrade recommendation
cve-2023-41835
multipart request

EPSS: 0.003 (Low), percentile 66.3%

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.
Users are recommended to upgrade to Struts 2.5.32, 6.1.2.2, or 6.3.0.1 or greater, which fixes this issue.

CNA Affected

[
  {
    "collectionURL": "https://repo.maven.apache.org/maven2",
    "defaultStatus": "unaffected",
    "packageName": "org.apache.struts",
    "product": "Apache Struts",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "2.5.31",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.3.0",
        "status": "affected",
        "version": "6.1.2.1",
        "versionType": "semver"
      }
    ]
  }
]
