You are viewing a plain text version of this content. The canonical link for it is here.

Posted to announce@apache.org by Emmanuel Lecharny <el...@apache.org> on 2021/11/01 20:55:37 UTC

CVE-2021-41973: Apache MINA HTTP listener DOS

Severity: critical

Description:

In Apache MINA, a specifically crafted, malformed HTTP request may
cause the HTTP Header decoder to loop indefinitely.  The decoder
assumed that the HTTP Header begins at the beginning of the buffer and
loops if there is more data than expected.  Please update MINA to
2.1.5 or greater.

References:

https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com