CVE-2021-41973

Name: CVE-2021-41973
Creator: NVD / NIST
Published: 2021-11-01T09:15:09.763+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 4.33%

Last modified Jun 17, 2026

CVE-2021-41973 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. EPSS estimates a 4.33% chance of exploitation in the next 30 days.

Description

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Probability

4.33%

90.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Apache	Mina	< 2.0.22
Apache	Mina	>= 2.1.0, < 2.1.5
Oracle	Banking Payments	14.5
Oracle	Banking Trade Finance Process Management	14.5
Oracle	Banking Treasury Management	14.5
Oracle	Communications Cloud Native Core Console	1.9.0
Oracle	Customer Management And Segmentation Foundation	18.0
Oracle	Customer Management And Segmentation Foundation	19.0
Oracle	Flexcube Universal Banking	>= 14.0, <= 14.3
Oracle	Flexcube Universal Banking	14.5
Oracle	Fusion Middleware Common Libraries And Tools	12.2.1.3.0
Oracle	Fusion Middleware Common Libraries And Tools	12.2.1.4.0
Oracle	Fusion Middleware Common Libraries And Tools	14.1.1.0.0
Oracle	Oss Support Tools	2.12.42

References

http://www.openwall.com/lists/oss-security/2021/11/01/2Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/01/8Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3EMailing List, Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/01/2Mailing List, Patch, Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/11/01/8Mailing List, Third Party Advisory
https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3EMailing List, Patch, Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory

Timeline

Published: Nov 1, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-41973?

How severe is CVE-2021-41973?

CVE-2021-41973 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 4.33% probability of exploitation in the next 30 days.

How do I fix CVE-2021-41973?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-41973?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST