CNNVD-202512-036 Information
CNNVD ID
CNNVD-202512-036
Related CVE
- CNNVD Published: 2025-12-01
Description (Chinese)
Apache Struts是美国阿帕奇(Apache)基金会的一个开源项目,是一套用于创建企业级Java Web应用的开源MVC框架,主要提供两个版本框架产品,Struts 1和Struts 2。 Apache Struts 2.0.0版本至6.7.0版本和7.0.0版本至7.0.3版本存在安全漏洞,该漏洞源于多部分请求处理中的文件泄漏,可能导致磁盘耗尽。
Description (English)
Apache Struts, an open-source project of the Apache Foundation in the United States, is an open-source MVC framework for the creation of enterprise-level Java Web applications, which provides two versions of framework products, Struts 1 and Struts 2. There is a security loophole between Appache Struts 2.0 to 6.7.0 and 7.0.0 to 7.0.3, which stems from the leakage of documents in multiple requests, which may lead to disk depletion.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
阿帕奇
Published
2025-12-01
Last Modified
2026-02-24
References
https://cwiki.apache.org/confluence/display/WW/S2-068 http://www.openwall.com/lists/oss-security/2025/12/01/2 https://access.redhat.com/security/cve/cve-2025-64775 https://vigilance.fr/vulnerability/Apache-Struts-overload-via-Multipart-Request-48918
Patch
https://cwiki.apache.org/confluence/display/WW/S2-068
Share on: