
Apache Struts Security Update (S2-064) CVE-2023-34396

Severity
CVSSv3 Score
7.5
Vulnerability description

Apache Struts is prone to a denial of service (DoS) vulnerability.

Risk description

When a multipart request has non-file normal form fields, Struts used to bring them into memory as Strings without checking their sizes. This could lead to an out-of-memory (OOM) condition if the developer has set struts.multipart.maxSize to a value equal to or greater than the available memory.

Recommendation

- Update to version 2.5.31, 6.1.2.1 or later
- Workaround: Set struts.multipart.maxSize to a value much smaller than the available memory

Note: Please set an override for this result if only the workaround has been applied.
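
A configuration check for the workaround above, as an added example that is not part of the original advisory or of Apache Struts: it reads struts.multipart.maxSize from struts.xml or struts.properties text and compares it with the JVM heap limit from an -Xmx option. The function names, the sample inputs and the 10% warning threshold are assumptions made for this example.

```python
import re
import xml.etree.ElementTree as ET

KEY = "struts.multipart.maxSize"
DEFAULT_MAX_SIZE = 2097152  # Struts default (2 MiB) when the constant is not set

# Constructed sample: a struts.xml that allows 1 GiB multipart requests.
SAMPLE_XML = """<struts>
  <constant name="struts.multipart.maxSize" value="1073741824"/>
</struts>"""

def max_size_from_xml(text):
    """Return the configured maxSize from struts.xml text, or None if unset."""
    for const in ET.fromstring(text).iter("constant"):
        if const.get("name") == KEY:
            return int(const.get("value"))
    return None

def max_size_from_properties(text):
    """Return the configured maxSize from struts.properties text, or None."""
    m = re.search(r"^\s*" + re.escape(KEY) + r"\s*[=:]\s*(\d+)\s*$", text, re.M)
    return int(m.group(1)) if m else None

def heap_bytes(jvm_opts):
    """Parse the last -Xmx<size>[k|m|g] option into bytes, or None if absent."""
    found = re.findall(r"-Xmx(\d+)([kKmMgG]?)", jvm_opts)
    if not found:
        return None
    size, unit = found[-1]
    return int(size) * {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}[unit.lower()]

def audit(max_size, heap, warn_ratio=0.10):
    """FAIL if one request may fill the heap, WARN above warn_ratio (assumed policy)."""
    effective = DEFAULT_MAX_SIZE if max_size is None else max_size
    if effective >= heap:
        return "FAIL"
    if effective > heap * warn_ratio:
        return "WARN"
    return "OK"

if __name__ == "__main__":
    heap = heap_bytes("-Xms256m -Xmx512m")  # constructed JVM options
    print(audit(max_size_from_xml(SAMPLE_XML), heap))
```

A passing result only confirms the workaround is in place; the scanner finding stays open until the Struts version itself is updated.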

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 14, 2023
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available