Cyber Resilience

CVE-2021-41973

Severity: Medium · Category: DDoS

Published: 01 November 2021
Modified: 21 November 2024
KEV Added: not listed
Patch: 01 November 2021
CVSS Score v3.1: 6.5 (Medium) · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score: 0.0215 (84.6th percentile)
Risk Priority: 14 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-41973 is a medium-severity Infinite Loop (CWE-835) vulnerability in the HTTP header decoder of Apache MINA. Oracle bundles the affected library in a number of products, including Oracle Fusion Middleware Common Libraries and Tools (see Affected Assets), which is why those products carry the same CVE. Its CVSS v3.1 base score is 6.5 (Medium): the vector is network-reachable with low attack complexity and no privileges required, but records User Interaction Required (UI:R) and an impact confined to availability (A:H); confidentiality and integrity are not affected.

Operationally, its EPSS score places it in the top 15.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

The practical consequence is a denial of service: a single unauthenticated request can pin the worker thread that runs the decoder, and the condition persists until the process is restarted. Only MINA 2.1.5 and later contain the fix; the 2.0.x line is also affected (see Affected Assets). Oracle products that embed the library are fixed through the vendor's own patches rather than by a direct library upgrade.
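The following is an added, simplified model of the failure mode described above. It is hypothetical code written for this page, not Apache MINA's HttpRequestDecoder, and it does not reproduce MINA's actual logic; the function names, the constructed sample requests and the MAX_HEADER_BYTES limit are all assumptions. It shows a decoder that anchors every parse at offset 0 of its buffer (so trailing bytes leave the remaining buffer unchanged between rounds and the loop never exits) beside a variant that parses relative to the consumed offset and aborts if it cannot make progress.

```python
"""
Added illustrative model of the CWE-835 pattern described for CVE-2021-41973.
Hypothetical code written for this page; NOT Apache MINA's HttpRequestDecoder.
It only models the failure mode the advisory describes: a decoder that assumes
the header starts at offset 0 of its buffer and so never consumes the bytes
that follow the first header block.
"""
from typing import List, Tuple

CRLF = b"\r\n"
HEADER_END = b"\r\n\r\n"
MAX_HEADER_BYTES = 8192            # assumed limit used by the hardened variant

RequestLine = Tuple[str, str, str]  # (method, target, version)


class DecodeHung(Exception):
    """Raised by the vulnerable model when it stops making progress.

    A real decoder would simply spin forever on its worker thread; the round
    cap exists only so this demonstration terminates.
    """


def parse_request_line(header_block: bytes) -> RequestLine:
    """Parse 'METHOD TARGET HTTP/x.y' from the first line of a header block."""
    request_line = header_block.split(CRLF, 1)[0]
    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target, version = (p.decode("ascii") for p in parts)
    return method, target, version


def decode_vulnerable(buf: bytes, max_rounds: int = 1000) -> List[RequestLine]:
    """Vulnerable pattern: every round re-parses from offset 0.

    'pos' is recomputed from a search that always starts at the beginning of
    the buffer, so it never moves past the end of the first header block. Any
    trailing bytes keep 'pos < len(buf)' true and the loop never exits.
    """
    messages: List[RequestLine] = []
    pos = 0
    rounds = 0
    while pos < len(buf):
        rounds += 1
        if rounds > max_rounds:
            raise DecodeHung(f"no progress after {max_rounds} rounds, "
                             f"{len(buf) - pos} bytes pending")
        end = buf.find(HEADER_END)                 # BUG: searches from 0, not from pos
        if end == -1:
            break                                  # incomplete header: wait for more data
        messages.append(parse_request_line(buf[:end]))   # BUG: slices from 0
        pos = end + len(HEADER_END)                # same value every round: no progress
    return messages


def decode_hardened(buf: bytes) -> Tuple[List[RequestLine], bytes]:
    """Fixed pattern: parse relative to the consumed offset and enforce progress.

    Returns the decoded request lines and the unconsumed remainder, which the
    caller keeps until more bytes arrive.
    """
    messages: List[RequestLine] = []
    pos = 0
    while pos < len(buf):
        end = buf.find(HEADER_END, pos)            # search from the current offset
        if end == -1:
            if len(buf) - pos > MAX_HEADER_BYTES:  # bound buffering of a never-ending header
                raise ValueError("header block exceeds MAX_HEADER_BYTES")
            break                                  # incomplete: hand the remainder back
        messages.append(parse_request_line(buf[pos:end]))
        new_pos = end + len(HEADER_END)
        if new_pos <= pos:                         # progress guard: abort rather than spin
            raise RuntimeError("decoder made no progress")
        pos = new_pos
    return messages, buf[pos:]


def hangs(buf: bytes) -> bool:
    """True if the vulnerable model fails to terminate on 'buf'."""
    try:
        decode_vulnerable(buf)
        return False
    except DecodeHung:
        return True


# Constructed sample input for this example (not captured traffic).
WELL_FORMED = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
# A complete request followed by extra bytes that do not form a complete header block.
MALFORMED = WELL_FORMED + b"GET /second HTTP/1.1\r\n"

if __name__ == "__main__":
    print("hardened:", decode_hardened(MALFORMED))
    print("vulnerable model hangs on malformed input:", hangs(MALFORMED))
```

The hardened variant differs in three places a reviewer should look for in any framing decoder: the search and the slice both start at the consumed offset, an iteration that cannot advance the offset raises instead of continuing, and an incomplete header that keeps growing is capped rather than buffered without limit.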

CWE(s)

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Affected versions

apache · mina · ≤ 2.0.22; 2.1.0 up to, but not including, 2.1.5 (fixed in 2.1.5)
oracle · banking payments · 14.5
oracle · banking trade finance process management · 14.5
oracle · banking treasury management · 14.5
oracle · communications cloud native core console · 1.9.0
oracle · customer management and segmentation foundation · 18.0, 19.0
oracle · flexcube universal banking · 14.0 — 14.3, 14.5
oracle · fusion middleware common libraries and tools · 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
oracle · oss support tools · 2.12.42

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness type (CWE-835) cited in the NVD entry. These are generic controls for infinite-loop denial of service, not a substitute for the fix itself, which is to run MINA 2.1.5 or later, or the vendor patch for the Oracle products listed above.

- Addresses CWE-835: site failover. Enables transfer to an alternate site if an infinite loop at the primary renders processing unavailable.

- Addresses CWE-835: resource monitoring. Detects and mitigates infinite loops that produce sustained resource consumption, such as a decoder thread pinned at full CPU or a worker pool that stops accepting new connections.
