Apache Struts is vulnerable to denial of service. A remote attacker is able to cause a denial of service condition using a multipart/form-data
encoded form with a parameter name that references the getMultipartRequestHandler
function which provides access to elements in CommonsMultipartRequestHandler
and BeanUtils
.
issues.apache.org/bugzilla/show_bug.cgi?id=38534
lists.suse.com/archive/suse-security-announce/2006-May/0004.html
secunia.com/advisories/19493
secunia.com/advisories/20117
securitytracker.com/id?1015856
struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
www.securityfocus.com/bid/17342
www.vupen.com/english/advisories/2006/1205
bugzilla.redhat.com/show_bug.cgi?id=187542
bugzilla.redhat.com/show_bug.cgi?id=187544
exchange.xforce.ibmcloud.com/vulnerabilities/25613