Vulnerability in Apache Mina
CVE-2021-41973
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expe…
EPSS: 0.043 (89.9th percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H.
Affected products
- Apache Mina
- Apache Software Foundation Mina — versions Apache MINA
- Oracle Banking_payments — versions 14.5
- Oracle Banking_trade_finance_process_management — versions 14.5
- Oracle Banking_treasury_management — versions 14.5
- Oracle Communications_cloud_native_core_console — versions 1.9.0
- Oracle Customer_management_and_segmentation_foundation — versions 18.0, 19.0
- Oracle Flexcube_universal_banking — versions 14.5
- Oracle Fusion_middleware_common_libraries_and_tools — versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
- Oracle Oss_support_tools — versions 2.12.42
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2021-41973?
  CVE-2021-41973 is a medium-severity vulnerability in Apache Mina, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 6.5/10. Published 2021-11-01.
- How severe is CVE-2021-41973?
  Medium severity. CVSS v3 base score is 6.5 out of 10.