Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-10-01T19:39:53.189123Z

Updated: 2024-09-17T03:14:11.161Z

Reserved: 2018-11-14T00:00:00

Link: CVE-2019-0231

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2019-10-01T20:15:11.010

Modified: 2019-10-08T17:47:22.907

Link: CVE-2019-0231

cve-icon Redhat

Severity : Moderate

Publid Date: 2019-04-14T00:00:00Z

Links: CVE-2019-0231 - Bugzilla