⚠ Actively exploited
Added to CISA KEV on 2022-01-21. Federal agencies required to patch by 2022-07-21. Required action: Apply updates per vendor instructions.

CVE-2006-1547: Exposed Dangerous Method or Function in Apache Struts

Severity: 7.5 HIGH (NVD)
EPSS: 15.4% (top 5.35%)
CISA KEV: added 2022-01-21, due 2022-07-21
Exploit: exploited in the wild; active exploitation observed
Affected products: apache/struts < 1.2.9

Timeline:
  Published: Mar 30, 2006
  KEV added: Jan 21, 2022
  Latest update: May 1, 2022
  KEV due: Jul 21, 2022

CISA Required Action: Apply updates per vendor instructions.

Description

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: apache/struts < 1.2.9

Patches

🔴 Vulnerability Details (4)

GHSA: Improper Input Validation in Apache Struts (2022-05-01)
OSV: Improper Input Validation in Apache Struts (2022-05-01)
CVEList: CVE-2006-1547: ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 (2006-03-30)
VulnCheck: Apache Struts 1 ActionForm Denial-of-Service Vulnerability (2006)

📋 Vendor Advisories (2)

CISA: Apache Struts 1 ActionForm Denial-of-Service Vulnerability (2022-01-21)
Red Hat: security flaw (2006-03-22)

💬 Community (4)

Bugzilla: CVE-2006-1547 security flaw (2018-08-16)
Bugzilla: CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548) (2006-08-15)
Bugzilla: CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548) (2006-03-31)
Bugzilla: CVE-2006-1546 Struts multiple issues (CVE-2006-1547, CVE-2006-1548) (2006-03-31)
CVE-2006-1547 — Exposed Dangerous Method or Function | cvebase