Veracode Vulnerability Database: VERACODE:44593
Dec 07, 2023 - 9:57 a.m.

Denial Of Services

2023-12-07 09:57:22
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
denial of services
apache struts
jakartamultipartrequest

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.5 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 66.3%)

org.apache.struts, struts2-core is vulnerable to denial of service. The vulnerability exists because JakartaMultiPartRequest.java does not validate a maximum string length limit, which allows an attacker to cause an application crash by submitting large multipart requests.
