← Voltar para CVEs
CVE-2023-41835
HIGH7.5
Descricao
When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.
Detalhes CVE
Pontuacao CVSS v3.17.5
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/5/2023
Ultima modificacao11/4/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
apache:struts
Fraquezas (CWE)
CWE-459CWE-459
Referencias
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft(security@apache.org)
https://www.openwall.com/lists/oss-security/2023/12/09/1(security@apache.org)
https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft(af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20231013-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2023/12/09/1(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.