CVE-2006-1547
CVE-2006-1547
In short
Apache Struts allowed attackers to crash web applications by sending specially crafted form data that exploited how the framework handled file uploads, potentially accessing sensitive internal methods.
Technical detail
CVE-2006-1547 is a denial of service vulnerability in Struts ActionForm that permits remote attackers to invoke the public getMultipartRequestHandler method via malicious multipart/form-data parameter names, gaining unauthorized access to CommonsMultipartRequestHandler internals and BeanUtils reflection capabilities. The attack requires no authentication and impacts availability through resource exhaustion or exception triggering.
Summary generated and translated by AI from the official description.
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://issues.apache.org/bugzilla/show_bug.cgi?id=38534http://lists.suse.com/archive/suse-security-announce/2006-May/0004.htmlhttp://secunia.com/advisories/19493http://secunia.com/advisories/20117http://securitytracker.com/id?1015856https://exchange.xforce.ibmcloud.com/vulnerabilities/25613http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.htmlhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-1547http://www.securityfocus.com/bid/17342http://www.vupen.com/english/advisories/2006/1205