PT-2006-1095 · Apache · Apache Struts

Published: 2006-03-30 · Updated: 2025-10-22 · CVE-2006-1547

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 1.2.9
Description: The issue is related to errors in resource release in the getMultipartRequestHandler method of the Apache Struts platform. Exploitation of this issue can allow a remote attacker to cause a denial of service. This can be achieved by sending a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, providing further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Recommendations: For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider disabling the getMultipartRequestHandler method until a patch is available. Restrict access to the CommonsMultipartRequestHandler implementation to minimize the risk of exploitation.
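
A gateway-side check for the request shape named in the description, as an added example (Python, not Struts or vendor code): it lists the field names in a multipart/form-data body and flags any whose first BeanUtils property segment is multipartRequestHandler. The property name is assumed from JavaBeans naming of getMultipartRequestHandler; the function names and the sample body are constructed for illustration.

```python
import email
import re
from email.utils import collapse_rfc2231_value

# Assumption: JavaBeans naming maps getMultipartRequestHandler() to this property.
BLOCKED_ROOT = "multipartrequesthandler"
# BeanUtils separates nested, indexed and mapped properties with '.', '[' and '('.
_SEGMENT_END = re.compile(r"[.\[(]")

# Constructed sample request; "placeholderProperty" is not a real property name.
SAMPLE_CT = "multipart/form-data; boundary=demo-boundary"
SAMPLE_BODY = (
    b"--demo-boundary\r\n"
    b'Content-Disposition: form-data; name="username"\r\n\r\n'
    b"alice\r\n"
    b"--demo-boundary\r\n"
    b'Content-Disposition: form-data; '
    b'name="multipartRequestHandler.placeholderProperty"\r\n\r\n'
    b"x\r\n"
    b"--demo-boundary\r\n"
    b'Content-Disposition: form-data; name="upload"; filename="a.txt"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    b"hello\r\n"
    b"--demo-boundary--\r\n"
)

def field_names(content_type, body):
    """Return the form field names declared in a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    msg = email.message_from_bytes(raw)
    if not msg.is_multipart():
        return []  # not multipart, or the body could not be split into parts
    names = []
    for part in msg.get_payload():
        name = part.get_param("name", header="content-disposition")
        if isinstance(name, tuple):  # RFC 2231 encoded parameter value
            name = collapse_rfc2231_value(name)
        if name is not None:
            names.append(name)
    return names

def is_blocked(name):
    """True when the first property segment is the handler property."""
    root = _SEGMENT_END.split(name.strip(), maxsplit=1)[0]
    return root.lower() == BLOCKED_ROOT  # case-insensitive to stay conservative

def suspicious_fields(content_type, body):
    """Field names a gateway should reject or log for this issue."""
    return [n for n in field_names(content_type, body) if is_blocked(n)]
```

The match is on the first segment only, so an ordinary field that merely contains the string elsewhere in its name is not flagged.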

Exploit · Fix · DoS · RCE · Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2021-04403
CVE-2006-1547
GHSA-7QWV-CWGJ-C8RJ

Affected Products

Apache Struts