apache mina CVE-2021-41973 in Apache and Oracle Products
Published on November 1, 2021

Apache MINA HTTP listener DOS

product logo product logo
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

NVD

Weakness Type

What is an Infinite Loop Vulnerability?

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. If the loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory.

CVE-2021-41973 has been classified to as an Infinite Loop vulnerability or weakness.


Products Associated with CVE-2021-41973

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-41973 are published in these products:

Apache Mina
 
Oracle Banking Payments
 
Oracle Banking Trade Finance Process Management
 
Oracle Banking Treasury Management
 
Oracle Communications Cloud Native Core Console
 
Oracle Customer Management Segmentation Foundation
 
Oracle Flexcube Universal Banking
 
Oracle Fusion Middleware Common Libraries Tools
 
Oracle Oss Support Tools
 
Oracle
 

Affected Versions

Apache Software Foundation Apache MINA:

Exploit Probability

EPSS
0.63%
Percentile
69.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.