CyberSec.Space Logo
Back to CVE Browser

CVE-2006-1547

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score59.2750%
EPSS Percentile85.05th
PublishedMar 30, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Affected Platforms (CPE)

πŸ“¦
Apache

Struts

< 1.2.9

References & Advisories

πŸ”— http://issues.apache.org/bugzilla/show_bug.cgi?id=38534
πŸ”— http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
πŸ”— http://secunia.com/advisories/19493
πŸ”— http://secunia.com/advisories/20117
πŸ”— http://securitytracker.com/id?1015856
πŸ”— http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
πŸ”— http://www.securityfocus.com/bid/17342
πŸ”— http://www.vupen.com/english/advisories/2006/1205

Related Vulnerabilities

CVE-2013-431610.0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2020-175309.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...