ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| struts:struts(Maven) | 0 | 1.2.9 | N/A |
CVSS Metrics
