PRIOn knowledge basePRION:CVE-2006-1547

HistoryMar 30, 2006 - 10:02 p.m.

Information disclosure

2006-03-3022:02:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.6%

JSON

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CPENameOperatorVersion
strutsle1.2.8
strutseq1.2.7

CPE	Name	Operator	Version
	struts	le	1.2.8
	struts	eq	1.2.7

References

issues.apache.org/bugzilla/show_bug.cgi?id=38534

lists.suse.com/archive/suse-security-announce/2006-May/0004.html

secunia.com/advisories/19493

secunia.com/advisories/20117

securitytracker.com/id?1015856

struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

www.securityfocus.com/bid/17342

www.vupen.com/english/advisories/2006/1205

exchange.xforce.ibmcloud.com/vulnerabilities/25613