Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through 7.0.3. Users are recommended to upgrade to version 6.8.0 or 7.1.1, which fixes the issue. It's related to https://cve.org/CVERecord?id=CVE-2025-64775 - this CVE addresses missing affected version 6.7.4
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HApache Struts
APPApache2.0.0 – 2.3.372.5.0 – 2.5.336.0.0 – 6.8.0 (bez)7.0.0 – 7.1.1 (bez)
Powiązane podatności
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution....
The Struts 1 plugin in Apache Struts 2.1.x and 2.3.x might allow remote code execution via a malicious field v...
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect ex...
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a paramet...
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressio...