6.5

CVE-2023-34149

Apache Struts: DoS via OOM owing to not properly checking of list bounds

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2.

Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheStruts Version < 2.5.31
ApacheStruts Version >= 6.0.0 < 6.1.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.4% 0.916
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security@apache.org 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

http://www.openwall.com/lists/oss-security/2023/06/14/2
Mailing List
https://cwiki.apache.org/confluence/display/WW/S2-063
Vendor Advisory
https://security.netapp.com/advisory/ntap-20230706-0005/