CNNVD-202512-1996 Information
CNNVD ID
CNNVD-202512-1996
Related CVE
-
CNNVD Published: 2025-12-10
Description (Chinese)
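Apache Struts is an open-source project of the Apache Foundation (USA): an open-source MVC framework for building enterprise Java web applications, offered as two framework products, Struts 1 and Struts 2. Apache Struts versions 2.0.0 through 6.7.4 and 7.0.0 through 7.0.3 contain a security vulnerability caused by a file leak, which may lead to disk exhaustion.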
Description (English)
Apache Struts, an open-source project of the Apache Foundation in the United States, is an open-source MVC framework for building enterprise-level Java web applications. It is provided as two framework products, Struts 1 and Struts 2. Apache Struts versions 2.0.0 through 6.7.4 and 7.0.0 through 7.0.3 contain a security vulnerability that originates from a file leak and may lead to disk exhaustion.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
Apache
Published
2025-12-10
Last Modified
2026-02-24
References
https://cwiki.apache.org/confluence/display/WW/S2-068
https://cve.org/CVERecord?id=CVE-2025-64775
https://vigilance.fr/vulnerability/Apache-Struts-overload-via-Multipart-Request-49048
Patch
https://struts.apache.org/download.cgi