oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2021-41973: Apache MINA HTTP listener DOS

From: Emmanuel Lecharny <elecharny () apache org>
Date: Mon, 1 Nov 2021 21:44:31 +0100
Severity: critical

Description:

In Apache MINA, a specifically crafted, malformed HTTP request may
cause the HTTP Header decoder to loop indefinitely. The decoder
assumed that the HTTP Header begins at the beginning of the buffer and
loops if there is more data than expected. Please update MINA to 2.1.5
or greater.

References:

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Previous By Date Next
Previous By Thread Next

Current thread: