Apache Struts Security Update (S2-063) CVE-2023-34149

Severity
CVSSv3 Score: 6.5

Vulnerability description

Apache Struts is prone to a denial of service (DoS) vulnerability.

Risk description

WW-4620 added autoGrowCollectionLimit to XWorkListPropertyAccessor, but the limit is applied only in setProperty() and not in getProperty(). This could lead to an out-of-memory (OOM) condition if a developer has set CreateIfNull to true for the underlying Collection type field.

Recommendation

- Update to version 2.5.31, 6.1.2.1 or later
- Workaround: Set CreateIfNull to false for Collection type fields (it is false by default if it is not set)

Note: Please set an override for this result if only the workaround has been applied.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Jun 14, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available