Skip to main content

Mina

3 CVEs product

Monthly

CVE-2024-52046 Maven CRITICAL PATCH Act Now

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache Java Mina
NVD
CVSS 4.0
10.0
EPSS
23.9%
CVE-2021-41973 Maven MEDIUM PATCH This Month

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Mina Banking Payments Banking Trade Finance Process Management +6
NVD
CVSS 3.1
6.5
EPSS
4.3%
CVE-2019-0231 Maven HIGH PATCH This Week

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Mina
NVD
CVSS 3.1
7.5
EPSS
2.2%
EPSS 24% CVSS 10.0
CRITICAL PATCH Act Now

The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Apache +2
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Denial Of Service Mina +8
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apache Mina
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy