Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
References
Link | Resource |
---|---|
http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019 | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2019-09-27T00:00:00
Updated: 2019-10-01T19:39:53
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0231
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-10-01T20:15:11.010
Modified: 2019-10-08T17:47:22.907
Link: CVE-2019-0231
JSON object: View
Redhat Information
No data.
CWE