CVE-2023-41835
HIGH 7.5
Description
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.
CVE Details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/5/2023
Last modified: 11/4/2025
Source: nvd
Honeypot sightings: 0
Affected products
apache:struts
Weaknesses (CWE)
CWE-459
References
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft (security@apache.org)
https://www.openwall.com/lists/oss-security/2023/12/09/1 (security@apache.org)
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231013-0001/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/12/09/1 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.