CVE-2019-0231

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-0231

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0231.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-0231

Aliases

GHSA-5h29-qq92-wj7f

Related

RHSA-2020:1454

Published

2019-10-01T20:15:11Z

Modified

2024-10-12T04:10:31.022815Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

References

http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019

Affected packages

Git / github.com/apache/mina

Affected ranges

Type: GIT
Repo: https://github.com/apache/mina
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b71555ca2ef33d75f0aea7830079beeb0b92c53a

Last affected

ed33252f2dcc7cfa961aa654e96ab4370e908dce

Affected versions

2.*

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.8

2.0.9

2.1.0

2.1.1