Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv3

CVE-2021-41973

Published: 01/11/2021 Updated: 02/05/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Mina

Vulnerability Summary

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache mina

oracle customer management and segmentation foundation 18.0

oracle banking trade finance process management 14.5

oracle communications cloud native core console 1.9.0

oracle banking payments 14.5

oracle banking treasury management 14.5

oracle customer management and segmentation foundation 19.0

oracle fusion middleware common libraries and tools 12.2.1.4.0

oracle fusion middleware common libraries and tools 14.1.1.0.0

oracle oss support tools 2.12.42

oracle fusion middleware common libraries and tools 12.2.1.3.0

oracle flexcube universal banking

oracle flexcube universal banking 14.5

Mailing Lists

Full Disclosure: [ANNOUNCE] Apache MINA 2.0.22 & 2.1.5 released
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> [ANNOUNCE] Apache MINA 2022 &amp; 215 released <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Emmanuel Lecha ...

References

CWE-835https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/11/01/2http://www.openwall.com/lists/oss-security/2021/11/01/8https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://nvd.nist.govhttp://seclists.org/oss-sec/2021/q4/76
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook