Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-8dws-9ubs-qqcg
Summary
Improper Input Validation in Apache Struts
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Aliases
0
alias CVE-2006-1547
1
alias GHSA-7qwv-cwgj-c8rj
Fixed_packages
0
url pkg:maven/struts/struts@1.2.9
purl pkg:maven/struts/struts@1.2.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-dk2f-14xj-9bf8
2
vulnerability VCID-g2gb-x2nh-2bgz
3
vulnerability VCID-jjre-tuhb-4yat
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-s3uq-35pj-byhy
7
vulnerability VCID-vk8c-a1za-w3cd
8
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.2.9
Affected_packages
0
url pkg:maven/struts/struts@1.0.2
purl pkg:maven/struts/struts@1.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.0.2
1
url pkg:maven/struts/struts@1.1-beta-2
purl pkg:maven/struts/struts@1.1-beta-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1-beta-2
2
url pkg:maven/struts/struts@1.1-b2-20021124
purl pkg:maven/struts/struts@1.1-b2-20021124
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1-b2-20021124
3
url pkg:maven/struts/struts@1.1-b3
purl pkg:maven/struts/struts@1.1-b3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1-b3
4
url pkg:maven/struts/struts@1.1-rc1
purl pkg:maven/struts/struts@1.1-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1-rc1
5
url pkg:maven/struts/struts@1.1-rc2
purl pkg:maven/struts/struts@1.1-rc2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-nur4-1g8a-57ew
5
vulnerability VCID-ppuk-knqn-tfc6
6
vulnerability VCID-v9xj-szyz-3ufy
7
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1-rc2
6
url pkg:maven/struts/struts@1.1
purl pkg:maven/struts/struts@1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-jjre-tuhb-4yat
5
vulnerability VCID-nur4-1g8a-57ew
6
vulnerability VCID-ppuk-knqn-tfc6
7
vulnerability VCID-s3uq-35pj-byhy
8
vulnerability VCID-v9xj-szyz-3ufy
9
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.1
7
url pkg:maven/struts/struts@1.2.2
purl pkg:maven/struts/struts@1.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-jjre-tuhb-4yat
5
vulnerability VCID-nur4-1g8a-57ew
6
vulnerability VCID-ppuk-knqn-tfc6
7
vulnerability VCID-s3uq-35pj-byhy
8
vulnerability VCID-v9xj-szyz-3ufy
9
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.2.2
8
url pkg:maven/struts/struts@1.2.4
purl pkg:maven/struts/struts@1.2.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-jjre-tuhb-4yat
5
vulnerability VCID-nur4-1g8a-57ew
6
vulnerability VCID-ppuk-knqn-tfc6
7
vulnerability VCID-s3uq-35pj-byhy
8
vulnerability VCID-v9xj-szyz-3ufy
9
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.2.4
9
url pkg:maven/struts/struts@1.2.7
purl pkg:maven/struts/struts@1.2.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-jjre-tuhb-4yat
5
vulnerability VCID-nur4-1g8a-57ew
6
vulnerability VCID-ppuk-knqn-tfc6
7
vulnerability VCID-s3uq-35pj-byhy
8
vulnerability VCID-v9xj-szyz-3ufy
9
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.2.7
10
url pkg:maven/struts/struts@1.2.8
purl pkg:maven/struts/struts@1.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4wwa-j9p2-9be1
1
vulnerability VCID-8dws-9ubs-qqcg
2
vulnerability VCID-ffbg-tkyw-ufad
3
vulnerability VCID-g2gb-x2nh-2bgz
4
vulnerability VCID-jjre-tuhb-4yat
5
vulnerability VCID-nur4-1g8a-57ew
6
vulnerability VCID-ppuk-knqn-tfc6
7
vulnerability VCID-s3uq-35pj-byhy
8
vulnerability VCID-v9xj-szyz-3ufy
9
vulnerability VCID-wqjz-93pk-pbg7
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/struts/struts@1.2.8
References
0
reference_url http://issues.apache.org/bugzilla/show_bug.cgi?id=38534
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://issues.apache.org/bugzilla/show_bug.cgi?id=38534
1
reference_url http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1547.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-1547.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2006-1547
reference_id
reference_type
scores
0
value 0.15372
scoring_system epss
scoring_elements 0.9464
published_at 2026-04-11T12:55:00Z
1
value 0.15372
scoring_system epss
scoring_elements 0.94644
published_at 2026-04-13T12:55:00Z
2
value 0.15372
scoring_system epss
scoring_elements 0.94636
published_at 2026-04-09T12:55:00Z
3
value 0.15372
scoring_system epss
scoring_elements 0.94632
published_at 2026-04-08T12:55:00Z
4
value 0.15372
scoring_system epss
scoring_elements 0.94606
published_at 2026-04-01T12:55:00Z
5
value 0.15372
scoring_system epss
scoring_elements 0.94613
published_at 2026-04-02T12:55:00Z
6
value 0.15372
scoring_system epss
scoring_elements 0.94621
published_at 2026-04-07T12:55:00Z
7
value 0.15372
scoring_system epss
scoring_elements 0.9462
published_at 2026-04-04T12:55:00Z
8
value 0.15372
scoring_system epss
scoring_elements 0.94652
published_at 2026-04-16T12:55:00Z
9
value 0.22192
scoring_system epss
scoring_elements 0.95817
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2006-1547
4
reference_url http://secunia.com/advisories/19493
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://secunia.com/advisories/19493
5
reference_url http://secunia.com/advisories/20117
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://secunia.com/advisories/20117
6
reference_url http://securitytracker.com/id?1015856
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://securitytracker.com/id?1015856
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/25613
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url https://exchange.xforce.ibmcloud.com/vulnerabilities/25613
8
reference_url https://github.com/apache/struts
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/struts
9
reference_url http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:P/P:M/B:A/M:M/D:A/2025-02-07T13:35:54Z/
url http://struts.apache.org/struts-doc-1.2.9/userGuide/release-notes.html
10
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-1547
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-1547
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1618045
reference_id 1618045
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1618045
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2006-1547
reference_id CVE-2006-1547
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2006-1547
13
reference_url https://github.com/advisories/GHSA-7qwv-cwgj-c8rj
reference_id GHSA-7qwv-cwgj-c8rj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qwv-cwgj-c8rj
14
reference_url https://access.redhat.com/errata/RHSA-2006:0281
reference_id RHSA-2006:0281
reference_type
scores
url https://access.redhat.com/errata/RHSA-2006:0281
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 749
name Exposed Dangerous Method or Function
description The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
0
date_added 2022-01-21
description ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).
required_action Apply updates per vendor instructions.
due_date 2022-07-21
notes https://nvd.nist.gov/vuln/detail/CVE-2006-1547
known_ransomware_campaign_use false
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
Severity_range_score7.0 - 8.9
Exploitability2.0
Weighted_severity8.0
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-8dws-9ubs-qqcg