Vulnerabilities > CVE-2021-41973 - Infinite Loop vulnerability in multiple products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

apache

oracle

CWE-835

NVD

Published: 2021-11-01

Updated: 2022-05-02

Summary

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Mina 2.0.20 Apache Mina 2.1.1	2
Application	Oracle Oracle Customer Management AND Segmentation Foundation 18.0 Oracle Customer Management AND Segmentation Foundation 19.0 Oracle Banking Trade Finance Process Management 14.5 Oracle Communications Cloud Native Core Console 1.9.0 Oracle Banking Payments 14.5 Oracle Banking Treasury Management 14.5 Oracle Fusion Middleware Common Libraries AND Tools 12.2.1.4.0 Oracle Fusion Middleware Common Libraries AND Tools 14.1.1.0.0 Oracle Fusion Middleware Common Libraries AND Tools 12.2.1.3.0 Oracle OSS Support Tools 2.12.42 Oracle Flexcube Universal Banking 14.0.0 Oracle Flexcube Universal Banking 14.1.0 Oracle Flexcube Universal Banking 14.2.0 Oracle Flexcube Universal Banking 14.5	14

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References