CVE-2023-41835

Published: 05/12/2023 Updated: 13/12/2023

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 0

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache struts

DescriptionA flaw was found in struts When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in 'strutsmultipartsaveDir', even if the request has been deniedA flaw was found in struts When a Multipart request is performed but some of the fields exceed the maxStringLeng ...

Severity: moderate Affected versions: - Apache Struts 200 through 2531 - Apache Struts 6121 through 630 Description: When a Multipart request is performed but some of the fields exceed the maxStringLength  limit, the upload files will remain in strutsmultipartsaveDir  even if the request has been denied Users are recommen ...

CWE-459 https://lists.apache.org/thread/6wj530kh3ono8phr642y9sqkl67ys2ft https://www.openwall.com/lists/oss-security/2023/12/09/1 https://nvd.nist.gov https://seclists.org/oss-sec/2023/q4/265 https://access.redhat.com/security/cve/cve-2023-41835

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-41835

Vulnerability Summary

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect