ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 07 Feb 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-749
Metrics kev

{'dateAdded': '2022-01-21'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 13 Aug 2024 23:15:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-07-30T01:47:08.709Z

Reserved: 2006-03-30T00:00:00.000Z

Link: CVE-2006-1547

cve-icon Vulnrichment

Updated: 2024-08-07T17:19:48.247Z

cve-icon NVD

Status : Deferred

Published: 2006-03-30T22:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1547

cve-icon Redhat

Severity : Moderate

Publid Date: 2006-03-22T00:00:00Z

Links: CVE-2006-1547 - Bugzilla

cve-icon OpenCVE Enrichment

No data.