Rewterz Threat Advisory – CVE-2023-41081 – Apache Tomcat Connectors Vulnerability
September 14, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
September 14, 2023Rewterz Threat Advisory – CVE-2023-41081 – Apache Tomcat Connectors Vulnerability
September 14, 2023Rewterz Threat Advisory – Multiple Apache Airflow Vulnerabilities
September 14, 2023Severity
Medium
Analysis Summary
CVE-2023-41835
Apache Struts is vulnerable to a denial of service, caused by an incomplete cleanup of the struts.multipart.saveDir directory after an upload request is denied. By sending a specially crafted Multipart request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-41835
Affected Vendors
Apache
Affected Products
- Apache Struts 2.5.31
- Apache Struts 6.1.2.1
- Apache Struts 6.3.0
Remediation
Refer to Apache Struts 2 Documentation for patch, upgrade or suggested workaround information.