CVE-2006-1547

CVE Database · CVE-2006-1547

CVE-2006-1547

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

54.63%

Published

Mar 30, 2006

Modified

Apr 16, 2026

CISA Known Exploited Vulnerability

Added: 2022-01-21 · Due: 2022-07-21

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses (CWE)

CWE-749

Affected Products (2)

apache · struts (up to 1.2.9)vulnerable

apache · commons_beanutils

References (19)

http://issues.apache.org/bugzilla/show_bug.cgi?id=38534

Issue TrackingPermissions Required

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

Broken Link