Main Vulnerability Database Vulnerabilities #VU80762

#VU80762 Resource exhaustion in Apache Struts - CVE-2023-41835

Published: September 13, 2023

Vulnerability identifier: #VU80762

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-41835

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Struts

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly handles multipart requests. A remote attacker can send a specially crafted multipart request with fields that exceed the maxStringLength limit and force the application to use disk excessively even if the request was denied.

Remediation

Install updates from vendor's website.

External links

https://cwiki.apache.org/confluence/display/WW/S2-065

#VU80762 Resource exhaustion in Apache Struts - CVE-2023-41835

Description

Remediation

External links

Please verify you're human