Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.8
CVE Id: CVE-2006-1547
Last Modified: 07 Mar 2011 09:33:17
Published: 30 Mar 2006 05:02:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1547

Summary

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Vulnerable Systems

Application

  • Apache Struts 1.2.7

  • Apache Struts 1.2.8


References

CONFIRM - http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

VUPEN - ADV-2006-1205

CONFIRM - http://issues.apache.org/bugzilla/show_bug.cgi?id=38534

XF - struts-actionform-dos(25613)

BID - 17342

SECTRACK - 1015856

SECUNIA - 20117

SECUNIA - 19493

SUSE - SUSE-SR:2006:010


Last Updated: 27 May 2016 10:42:06