Apache Struts Denial of Service Vulnerability
Release Date: 12 Dec 2025
RISK: Medium Risk
TYPE: Servers - Web Servers
A vulnerability was identified in Apache Struts. A remote user can exploit this vulnerability to trigger a Denial of Service condition on the targeted system.
Impact
- Denial of Service
System / Technologies affected
- Struts 2.0.0 through Struts 2.3.37 (EOL)
- Struts 2.5.0 through Struts 2.5.33 (EOL)
- Struts 6.0.0 through Struts 6.7.4
- Struts 7.0.0 through Struts 7.0.3
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to Struts 6.8.0 or later, or to Struts 7.1.1 or later
Workaround:
Mitigate the vulnerability with the following workaround:
Define a temporary folder for storing uploaded files that has a limited size or sits on a dedicated volume, so that filling it cannot affect system files. Alternatively, disable file upload support in the framework if it is not used.
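As an added illustration that is not part of the original advisory, the workaround expressed as Struts constants in struts.xml: the weak setting beside the hardened one. The constant names struts.multipart.saveDir and struts.multipart.maxSize are the standard Struts multipart settings; the mount point and the size limit are assumed values.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
    "-//Apache Software Foundation//DTD Struts Configuration 2.5//EN"
    "http://struts.apache.org/dtds/struts-2.5.dtd">
<struts>
  <!-- Weak: no explicit save directory, so uploads are written to the servlet
       container's temporary directory, which normally shares the system volume.
       A flood of multipart requests can therefore fill the partition that the
       operating system and the application itself depend on. -->
  <!--
  <constant name="struts.multipart.saveDir" value="" />
  -->

  <!-- Hardened: keep uploads on a dedicated volume (assumed mount point) so that
       exhausting it cannot touch system files, and cap the size of a multipart
       request (assumed value: 10 MB) so that a single request cannot consume
       unbounded disk space. -->
  <constant name="struts.multipart.saveDir" value="/mnt/struts-uploads" />
  <constant name="struts.multipart.maxSize" value="10485760" />

  <!-- If the application does not use file upload at all, the advisory's other
       option applies: leave the file-upload interceptor out of the interceptor
       stack the actions use, so multipart bodies are never parsed or saved. -->
</struts>
```

The directory named in struts.multipart.saveDir must exist and be writable by the account running the servlet container; mounting it as its own volume with a quota is what keeps an upload flood from affecting the rest of the system.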