Apache MINA HTTP listener DOS
CVE-2021-41973

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Mina
Vendor: CVE Published:; 1 November 2021

Summary

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Affected Version(s)

Apache MINA Apache MINA < 2.1.5

References

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2021/11/01/2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2021/11/01/8

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 1, 2021
Vulnerability Reserved
Oct 4, 2021

.