Apache Struts: DoS via OOM owing to no sanity limit on normal form fields in multipart forms
CVE-2023-34396
7.5HIGH
Summary
A resource management flaw exists in Apache Struts that could allow an attacker to cause excessive resource consumption by failing to limit resource allocation. This vulnerability affects versions of Apache Struts up to 2.5.30 and 6.1.2. To mitigate potential risks, users are advised to upgrade to Apache Struts version 2.5.31 or 6.1.2.1 or above.
Affected Version(s)
Apache Struts 0 <= 2.5.30
Apache Struts 0 <= 2.5.30
Apache Struts 0 <= 6.1.2
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Matthew McClain