7.8

CVE-2006-1547

Warning
Exploit

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Data is provided by the National Vulnerability Database (NVD)
ApacheStruts Version < 1.2.9
   ApacheCommons Beanutils Version1.7.0

21.01.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apache Struts 1 ActionForm Denial-of-Service Vulnerability

Vulnerability

ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 13.58% 0.94
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

http://securitytracker.com/id?1015856
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/17342
Third Party Advisory
Broken Link
VDB Entry