CVE-2023-41835

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-459
View all →

Vulnerability Description

When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been denied. Users are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fixe this issue.

Related Vulnerabilities

CVE-2002-2066

HIGH
CVSS:7.5(High)

BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information tha...

CWE-4592002

CVE-2002-2067

HIGH
CVSS:7.5(High)

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be dele...

CWE-4592002

CVE-2002-2068

HIGH
CVSS:7.5(High)

Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CWE-4592002

CVE-2002-2069

HIGH
CVSS:7.5(High)

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

CWE-4592002

CVE-2002-2070

HIGH
CVSS:7.5(High)

SecureClean 3 build 2.0 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be d...

CWE-4592002

CVE-2017-0303

HIGH
CVSS:7.5(High)

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections hand...

CWE-4592017