First published: Wed Jun 14 2023
Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts. This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Struts | <2.5.31 | |
Apache Struts | >=6.0.0 <6.1.2.1 | |
IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 | |
CVE-2023-34149 is a vulnerability in Apache Struts that can be exploited by a remote attacker to cause a denial of service condition.
IBM QRadar SIEM version 7.5.0 - 7.5.0 UP6 is affected by CVE-2023-34149.
CVE-2023-34149 is caused by a flaw in Apache Struts where it only handles setProperty() but not getProperty(). By sending a specially crafted request, a remote attacker can exploit this vulnerability.
CVE-2023-34149 has a severity value of 7.5, which is considered high.
To fix CVE-2023-34149, it is recommended to update to a version of Apache Struts that handles both setProperty() and getProperty() properly.
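To check an inventory against the affected ranges in the table above, the following is an added example, not code from Apache or from this page. It assumes the Struts core library is deployed as a `struts2-core-<version>.jar` file; the sample paths are constructed. Versions are compared numerically so that 6.1.2 (affected) and 6.1.2.1 (fixed) are told apart.

```python
import re

# Affected ranges as listed on this page: <2.5.31, and >=6.0.0 <6.1.2.1.
FIXED_2X = (2, 5, 31)
FIRST_6X = (6, 0, 0)
FIXED_6X = (6, 1, 2, 1)
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '6.1.2.1' into (6, 1, 2, 1) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.split("."))


def pad(version, width=4):
    """Right-pad with zeros so (6, 1, 2) and (6, 1, 2, 0) compare as equal."""
    return tuple(version) + (0,) * (width - len(version))


def is_affected(version_text):
    """True if the version falls in one of the two affected ranges."""
    v = pad(parse_version(version_text))
    if v < pad(FIRST_6X):
        return v < pad(FIXED_2X)
    return v < pad(FIXED_6X)


def audit(paths):
    """Return {path: (version, affected)} for every struts2-core jar found."""
    findings = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            findings[path] = (match.group(1), is_affected(match.group(1)))
    return findings


# Constructed sample inventory (not taken from any real system).
SAMPLE_PATHS = [
    "/opt/app/WEB-INF/lib/struts2-core-2.5.30.jar",
    "/opt/app/WEB-INF/lib/struts2-core-2.5.31.jar",
    "/srv/portal/WEB-INF/lib/struts2-core-6.1.2.jar",
    "/srv/portal/WEB-INF/lib/struts2-core-6.1.2.1.jar",
    "/srv/portal/WEB-INF/lib/commons-lang3-3.12.0.jar",
]

if __name__ == "__main__":
    for path, (version, affected) in audit(SAMPLE_PATHS).items():
        print(f"{'AFFECTED' if affected else 'ok':9} {version:8} {path}")
```

Jars that have been renamed or repackaged inside a fat archive will not match the filename pattern, so treat a clean result as a lower bound.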