Apache Struts Denial of Service

HIGH (8.2)

Threat Intelligence

Low Risk
EPSS Score: 0.04% chance of exploitation (percentile: 11%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Apache Struts is a popular Java-based framework used for building enterprise-level web applications. This vulnerability, known as the Apache Struts denial-of-service (DoS) issue, allows attackers to cause disk exhaustion by exploiting a file leak in multipart request processing.

Am I affected?

You're affected if you use a vulnerable version of Apache Struts (the struts2-core artifact). Affected versions: 7.0.3, 6.7.4

Affected Packages

maven: org.apache.struts:struts2-core

How to fix

To fix this issue, upgrade to Apache Struts version 6.8.0 or 7.1.1 from the official Apache website: https://struts.apache.org/downloads.html. If an immediate upgrade isn't possible, consider the following mitigations:

  • Restrict network access to your Struts instance (firewall it from the public internet)
  • Audit admin account activity for suspicious access patterns
  • Monitor for unauthorized token creation
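The upgrade check above is easy to automate across many projects. The following is an added example, not code from this advisory or from the Apache Struts project: it reads a Maven pom.xml, resolves the version of org.apache.struts:struts2-core (including a `${property}` reference), and reports whether that version falls under this advisory. It takes the fixed releases from the page (6.8.0 on the 6.x line, 7.1.1 on the 7.x line) and, as an assumption that goes beyond the two versions the page names, conservatively treats any earlier release on the same line as needing review. The pom.xml embedded at the bottom is constructed for the demonstration.

```python
"""Flag struts2-core versions covered by this advisory in a Maven pom.xml.

Added example, not part of the advisory or the Struts project.
Assumption: every release below the fixed version on its major line
(6.8.0 / 7.1.1) is treated as needing review, not only the two versions
the advisory lists outright (6.7.4 and 7.0.3).
"""
import re
import xml.etree.ElementTree as ET

FIXED = {6: (6, 8, 0), 7: (7, 1, 1)}   # fixed releases named in "How to fix"
LISTED_AFFECTED = {"6.7.4", "7.0.3"}   # versions the advisory names explicitly
MAVEN_NS = "{http://maven.apache.org/POM/4.0.0}"


def parse_version(v: str):
    """Turn '7.0.3' or '6.7.4-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.groups())


def is_affected(version: str) -> bool:
    """True if struts2-core at `version` should be upgraded per this advisory."""
    if version in LISTED_AFFECTED:
        return True
    major, minor, patch = parse_version(version)
    fixed = FIXED.get(major)
    if fixed is None:
        # Assumption: major lines the advisory does not mention are out of scope here.
        return False
    return (major, minor, patch) < fixed


def struts_core_versions(pom_xml: str):
    """Yield each declared version of org.apache.struts:struts2-core in a pom.xml string."""
    root = ET.fromstring(pom_xml)
    # Collect <properties> so a <version>${struts.version}</version> can be resolved.
    props = {p.tag.replace(MAVEN_NS, ""): (p.text or "").strip()
             for p in root.findall(f"{MAVEN_NS}properties/*")}
    for dep in root.iter(f"{MAVEN_NS}dependency"):
        gid = dep.findtext(f"{MAVEN_NS}groupId", "")
        aid = dep.findtext(f"{MAVEN_NS}artifactId", "")
        ver = dep.findtext(f"{MAVEN_NS}version", "").strip()
        if gid == "org.apache.struts" and aid == "struts2-core":
            ref = re.fullmatch(r"\$\{(.+)\}", ver)
            if ref:
                ver = props.get(ref.group(1), ver)
            yield ver


def audit_pom(pom_xml: str) -> dict:
    """Return {version: affected?} for every struts2-core dependency found."""
    return {v: is_affected(v) for v in struts_core_versions(pom_xml)}


# Constructed sample pom.xml for the demonstration; not a real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId><artifactId>app</artifactId><version>1.0</version>
  <properties><struts.version>7.0.3</struts.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.struts</groupId>
      <artifactId>struts2-core</artifactId>
      <version>${struts.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for version, affected in audit_pom(SAMPLE_POM).items():
        status = "AFFECTED, upgrade to 6.8.0 or 7.1.1" if affected else "not covered by this advisory"
        print(f"struts2-core {version}: {status}")
```

Run it against a real pom.xml by replacing `SAMPLE_POM` with the file contents; dependencies declared in a parent POM or pulled in transitively are not visible to this check, so confirm with `mvn dependency:tree` where the artifact does not appear directly.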