CVE-2021-41973

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-11-2021 10:15

Last modified: - 02-05-2022 08:09

Total changes: - 2

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

vendor=apache AND product=mina AND versionEndExcluding=2.0.22

vendor=apache AND product=mina AND versionStartIncluding=2.1.0 AND versionEndExcluding=2.1.5

vendor=oracle AND product=banking_payments AND version=14.5

vendor=oracle AND product=banking_trade_finance_process_management AND version=14.5

vendor=oracle AND product=banking_treasury_management AND version=14.5

vendor=oracle AND product=communications_cloud_native_core_console AND version=1.9.0

vendor=oracle AND product=customer_management_and_segmentation_foundation AND version=18.0

vendor=oracle AND product=customer_management_and_segmentation_foundation AND version=19.0

vendor=oracle AND product=flexcube_universal_banking AND versionEndIncluding=14.3 AND versionStartIncluding=14.0

vendor=oracle AND product=flexcube_universal_banking AND version=14.5

vendor=oracle AND product=fusion_middleware_common_libraries_and_tools AND version=12.2.1.3.0

vendor=oracle AND product=fusion_middleware_common_libraries_and_tools AND version=12.2.1.4.0

vendor=oracle AND product=fusion_middleware_common_libraries_and_tools AND version=14.1.1.0.0

vendor=oracle AND product=oss_support_tools AND version=2.12.42

Reference

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
[oss-security] 20211101 [ANNOUNCE] Apache MINA 2.0.22 & 2.1.5 released-Mailing List, Patch, Third Party Advisory
[oss-security] 20211101 CVE-2021-41973: Apache MINA HTTP listener DOS-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Keywords

CVE-2021-41973

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-41973

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures