ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
| Link | Tags |
|---|---|
| http://securitytracker.com/id?1015856 | vdb entry broken link third party advisory |
| http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html | vendor advisory exploit broken link patch |
| http://www.vupen.com/english/advisories/2006/1205 | broken link vdb entry |
| http://www.securityfocus.com/bid/17342 | vdb entry broken link third party advisory |
| http://secunia.com/advisories/19493 | broken link third party advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25613 | third party advisory vdb entry |
| http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html | broken link vendor advisory |
| http://secunia.com/advisories/20117 | broken link third party advisory |
| http://issues.apache.org/bugzilla/show_bug.cgi?id=38534 | issue tracking broken link |