CVE-2021-41973: Apache MINA HTTP listener DOS
First published: Mon Nov 01 2021(Updated: )
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache MINA | <2.0.22 | |
| Apache MINA | >=2.1.0<2.1.5 | |
| Oracle Banking Payments | =14.5 | |
| Oracle Banking Trade Finance Process Management | =14.5 | |
| Oracle Banking Treasury Management | =14.5 | |
| Oracle Communications Cloud Native Core Console | =1.9.0 | |
| Oracle Customer Management And Segmentation Foundation | =18.0 | |
| Oracle Customer Management And Segmentation Foundation | =19.0 | |
| Oracle FLEXCUBE Universal Banking | >=14.0<=14.3 | |
| Oracle FLEXCUBE Universal Banking | =14.5 | |
| Oracle Fusion Middleware Common Libraries And Tools | =12.2.1.3.0 | |
| Oracle Fusion Middleware Common Libraries And Tools | =12.2.1.4.0 | |
| Oracle Fusion Middleware Common Libraries And Tools | =14.1.1.0.0 | |
| Oracle OSS Support Tools | =2.12.42 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/type
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/apache
- canonical/apache mina
- version/apache mina/2.1.0
- vendor/oracle
- canonical/oracle banking payments
- version/oracle banking payments/14.5
- canonical/oracle banking trade finance process management
- version/oracle banking trade finance process management/14.5
- canonical/oracle banking treasury management
- version/oracle banking treasury management/14.5
- canonical/oracle communications cloud native core console
- version/oracle communications cloud native core console/1.9.0
- canonical/oracle customer management and segmentation foundation
- version/oracle customer management and segmentation foundation/18.0
- version/oracle customer management and segmentation foundation/19.0
- canonical/oracle flexcube universal banking
- version/oracle flexcube universal banking/14.0
- version/oracle flexcube universal banking/14.3
- version/oracle flexcube universal banking/14.5
- canonical/oracle fusion middleware common libraries and tools
- version/oracle fusion middleware common libraries and tools/12.2.1.3.0
- version/oracle fusion middleware common libraries and tools/12.2.1.4.0
- version/oracle fusion middleware common libraries and tools/14.1.1.0.0
- canonical/oracle oss support tools
- version/oracle oss support tools/2.12.42