Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41973

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Published

2021-11-01T09:15:09.763

Last Modified

2024-11-21T06:27:00.697

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-835
Type: Primary
CWE-835

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	mina	< 2.0.22	Yes
Application	apache	mina	< 2.1.5	Yes
Application	oracle	banking_payments	14.5	Yes
Application	oracle	banking_trade_finance_process_management	14.5	Yes
Application	oracle	banking_treasury_management	14.5	Yes
Application	oracle	communications_cloud_native_core_console	1.9.0	Yes
Application	oracle	customer_management_and_segmentation_foundation	18.0	Yes
Application	oracle	customer_management_and_segmentation_foundation	19.0	Yes
Application	oracle	flexcube_universal_banking	≤ 14.3	Yes
Application	oracle	flexcube_universal_banking	14.5	Yes
Application	oracle	fusion_middleware_common_libraries_and_tools	12.2.1.3.0	Yes
Application	oracle	fusion_middleware_common_libraries_and_tools	12.2.1.4.0	Yes
Application	oracle	fusion_middleware_common_libraries_and_tools	14.1.1.0.0	Yes
Application	oracle	oss_support_tools	2.12.42	Yes

References

http://www.openwall.com/lists/oss-security/2021/11/01/2 Mailing List, Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/11/01/8 Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E Mailing List, Patch, Vendor Advisory ([email protected])
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2021/11/01/2 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/11/01/8 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E Mailing List, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)