CVE-2021-41973 : Security Advisory and Response
Learn about CVE-2021-41973 affecting Apache MINA HTTP listener, allowing crafted HTTP requests to induce an infinite loop in the decoder. Find mitigation steps and impacted versions.
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. This vulnerability has been rated as critical.