Vulnerability in Apache Struts
CVE-2019-0233
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
EPSS: 0.701 (99.3th percentile) — read the EPSS interpretation.
Affected products
- N/a Apache Struts — versions Apache Struts 2.0.0 to 2.5.20
Public proof-of-concept exploits
References
- cwiki.apache.org/confluence/display/ww/s2-060 (x_refsource_MISC)
- www.oracle.com/security-alerts/cpujan2021.html (x_refsource_MISC)
- launchpad.support.sap.com/ (x_refsource_MISC)
- www.oracle.com/security-alerts/cpuApr2021.html (x_refsource_MISC)
- www.oracle.com/security-alerts/cpuoct2021.html (x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-0233?
- CVE-2019-0233 is a vulnerability in Apache Struts. Published 2020-09-14.
- Is CVE-2019-0233 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.