CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score: 6.5 Medium (Confidence: High)
EPSS: 0.003 Low (Percentile: 66.3%)
org.apache.struts, struts2-core is vulnerable to denial of service. The vulnerability exists due to the lack of a validated max string length limit in JakartaMultiPartRequest.java, which allows an attacker to cause an application crash by submitting large multipart requests.
Name | Operator | Version |
---|---|---|
struts 2 core | le | 2.5.31 |
struts 2 core | le | 6.3.0 |
struts 2 core | le | 6.1.2.1 |
www.openwall.com/lists/oss-security/2023/12/09/1
github.com/advisories/GHSA-729q-fcgp-r5xh
github.com/apache/struts/commit/3292152f8c0a77ee4827beede82b6580478a2c2a
github.com/apache/struts/commit/4c044f12560e22e00520595412830f9582d6dac7
github.com/apache/struts/commit/bf54436869c264941dd192c752a4abfaa65d3711
lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft