返回 CVE 浏览器

CVE-2006-1547

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score59.2750%

EPSS Percentile85.05th

Published2006年3月30日

Last Modified2026年4月16日

Vulnerability Description

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

Affected Platforms (CPE)

📦

Apache

Struts

< 1.2.9

References & Advisories

🔗 http://issues.apache.org/bugzilla/show_bug.cgi?id=38534

🔗 http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

🔗 http://secunia.com/advisories/19493

🔗 http://secunia.com/advisories/20117

🔗 http://securitytracker.com/id?1015856

🔗 http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html

🔗 http://www.securityfocus.com/bid/17342

🔗 http://www.vupen.com/english/advisories/2006/1205

相关漏洞威胁

CVE-2013-431610.0

Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.

CVE-2012-083810.0

Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL expression during the handling of a conversion error, which allows re...

CVE-2020-175309.8

Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software :...

CVE-2021-440779.8

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulner...