{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-41835","title":"Title"},{"category":"description","text":"When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-41835","url":"https://www.suse.com/security/cve/CVE-2023-41835"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1217823 for CVE-2023-41835","url":"https://bugzilla.suse.com/1217823"}],"title":"SUSE CVE CVE-2023-41835","tracking":{"current_release_date":"2025-12-19T01:20:23Z","generator":{"date":"2025-02-14T06:14:51Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-41835","initial_release_date":"2025-02-14T06:14:51Z","revision_history":[{"date":"2025-02-14T06:14:51Z","number":"2","summary":"Current version"},{"date":"2025-02-16T06:07:54Z","number":"3","summary":"Current version"},{"date":"2025-03-13T13:50:33Z","number":"4","summary":"Current 
version"},{"date":"2025-03-15T06:10:18Z","number":"5","summary":"Current version"},{"date":"2025-04-25T02:27:54Z","number":"6","summary":"Current version"},{"date":"2025-06-07T02:04:30Z","number":"7","summary":"Current version"},{"date":"2025-06-26T01:55:18Z","number":"8","summary":"Current version"},{"date":"2025-08-18T00:55:04Z","number":"9","summary":"Current version"},{"date":"2025-12-17T01:11:05Z","number":"10","summary":"description changed"},{"date":"2025-12-19T01:20:23Z","number":"11","summary":"description changed"}],"status":"interim","version":"11"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Manager Server Module 4.2","product":{"name":"SUSE Manager Server Module 4.2","product_id":"SUSE Manager Server Module 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server Module 4.3","product":{"name":"SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-suse-manager-server:4.3"}}},{"category":"product_version","name":"struts","product":{"name":"struts","product_id":"struts","product_identification_helper":{"cpe":"cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/struts@?upstream=struts.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"struts as component of SUSE Manager Server Module 4.2","product_id":"SUSE Manager Server Module 4.2:struts"},"product_reference":"struts","relates_to_product_reference":"SUSE Manager Server Module 4.2"},{"category":"default_component_of","full_product_name":{"name":"struts as component of SUSE Manager Server Module 4.3","product_id":"SUSE Manager Server Module 4.3:struts"},"product_reference":"struts","relates_to_product_reference":"SUSE Manager 
Server Module 4.3"}]},"vulnerabilities":[{"cve":"CVE-2023-41835","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-41835"}],"notes":[{"category":"general","text":"When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the uploaded files will remain in struts.multipart.saveDir even if the request has been denied.\nUsers are recommended to upgrade to versions Struts 2.5.32 or 6.1.2.2 or Struts 6.3.0.1 or greater, which fix this issue.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Manager Server Module 4.2:struts","SUSE Manager Server Module 4.3:struts"]},"references":[{"category":"external","summary":"CVE-2023-41835","url":"https://www.suse.com/security/cve/CVE-2023-41835"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1217823 for CVE-2023-41835","url":"https://bugzilla.suse.com/1217823"}],"threats":[{"category":"impact","date":"2023-12-05T10:00:09Z","details":"moderate"}],"title":"CVE-2023-41835"}]}