Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apache Struts ActionForm Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Apache Struts versions prior to 1.2.9, when used with BeanUtils 1.7. The issue arises in the ActionForm component, where remote attackers can exploit multipart/form-data encoded forms. By including a parameter that references the public getMultipartRequestHandler method, attackers may disrupt the application's normal operation, potentially causing it to crash or leading to unauthorized access to sensitive information.
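A detection sketch for the request shape described above, added here as an example and not taken from the Struts project or this advisory's source. It assumes the raw multipart body and its Content-Type header have already been captured (for example at a proxy), and that the getter is reached through its JavaBeans property name `multipartRequestHandler`; the sample request and the function names are constructed for illustration.

```python
import re
from email.parser import BytesParser
from email.policy import default

# JavaBeans naming maps getMultipartRequestHandler() to this property name,
# which is what a form parameter name would have to reference.
HANDLER_PROPERTY = "multipartRequestHandler"

# Constructed sample request (not real traffic): one ordinary field, one flagged field.
SAMPLE_CONTENT_TYPE = "multipart/form-data; boundary=XBOUNDARY"
SAMPLE_BODY = (
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="username"\r\n\r\n'
    b"alice\r\n"
    b"--XBOUNDARY\r\n"
    b'Content-Disposition: form-data; name="multipartRequestHandler.placeholder"\r\n\r\n'
    b"x\r\n"
    b"--XBOUNDARY--\r\n"
)

def form_field_names(content_type: str, body: bytes) -> list[str]:
    """Return the field names carried in a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = BytesParser(policy=default).parsebytes(raw)
    if msg.get_content_type() != "multipart/form-data":
        return []
    names = []
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        if name is not None:
            names.append(name)
    return names

def references_handler(field_name: str) -> bool:
    """True if any segment of the property path is exactly the handler property."""
    return HANDLER_PROPERTY in re.split(r"[.\[\]()]", field_name)

def suspicious_fields(content_type: str, body: bytes) -> list[str]:
    """Field names in the request that reference the handler property."""
    return [n for n in form_field_names(content_type, body) if references_handler(n)]

if __name__ == "__main__":
    print(suspicious_fields(SAMPLE_CONTENT_TYPE, SAMPLE_BODY))
```

A match is a reason to check which Struts and BeanUtils versions the target application runs; it does not replace the upgrade.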

Impact

Exploitation of this vulnerability can cause the web application to crash, leading to a denial-of-service condition. Additionally, there is a possibility of gaining access to sensitive information.

Remediation

Users are advised to upgrade to the latest version of Apache Struts (1.2.9 or later) available from the Apache Struts Project website.

Added: Mar 11, 2026, 6:58 PM
Updated: Mar 11, 2026, 6:58 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 2.5
exploitability: 8.8
remediation: 7.7
relevance: 0.0
threat: 8.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.