CVE-2006-1547

KEV

Published: Mar 30, 2006 Last Modified: Ott 22, 2025

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,5

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: none

Integrity: none

Availability: high

HIGH 7,8

Source: [email protected]

Access Vector: network

Access Complexity: low

Authentication: none

Confidentiality: none

Integrity: none

Availability: complete

Description

AI Translation Available

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,1733

Percentile

0,9th

Updated

EPSS Score Trend (Last 90 Days)

749

Exposed Dangerous Method or Function

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control Other

Potential Impacts:

Gain Privileges Or Assume Identity Read Application Data Modify Application Data Execute Unauthorized Code Or Commands Other

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: Low

View CWE Details

Application

Struts by Apache

Product Information

Vendor Apache

Product Struts

Version Range Affected

To 1.2.9 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006…

http://issues.apache.org/bugzilla/show_bug.cgi?id=38534

http://lists.suse.com/archive/suse-security-announce/2006-M…

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

http://secunia.com/advisories/19493

http://secunia.com/advisories/20117

http://securitytracker.com/id?1015856

https://exchange.xforce.ibmcloud.com/vulnerabilities/25613

http://struts.apache.org/struts-doc-1.2.9/userGuide/release…

http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

http://www.securityfocus.com/bid/17342

http://www.vupen.com/english/advisories/2006/1205

http://issues.apache.org/bugzilla/show_bug.cgi?id=38534

http://lists.suse.com/archive/suse-security-announce/2006-M…

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

http://secunia.com/advisories/19493

http://secunia.com/advisories/20117

http://securitytracker.com/id?1015856

https://exchange.xforce.ibmcloud.com/vulnerabilities/25613

http://struts.apache.org/struts-doc-1.2.9/userGuide/release…

http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

http://www.securityfocus.com/bid/17342

http://www.vupen.com/english/advisories/2006/1205

CVE-2006-1547

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Exposed Dangerous Method or Function

Common Consequences

Applicable Platforms

Struts by Apache

Product Information

Iscriviti alla newsletter