You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@apache.org by Emmanuel Lecharny <el...@apache.org> on 2021/11/01 20:55:37 UTC
CVE-2021-41973: Apache MINA HTTP listener DOS
Severity: critical
Description:
In Apache MINA, a specifically crafted, malformed HTTP request may
cause the HTTP Header decoder to loop indefinitely. The decoder
assumed that the HTTP Header begins at the beginning of the buffer and
loops if there is more data than expected. Please update MINA to
2.1.5 or greater.
References:
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com