← voltar
CVE-2023-41835

Apache Struts: excessive disk usage

CVSS 7.5 HIGHEPSS 6.3%CWE-459
When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in struts.multipart.saveDir  even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Apache Software Foundation · Apache Struts

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2fthttps://security.netapp.com/advisory/ntap-20231013-0001/https://www.openwall.com/lists/oss-security/2023/12/09/1