CVE-2019-0231
Apache MINA SSLFilter security Issue
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
El manejo del mensaje close_notify de SSL/TLS no conlleva a un cierre de la conexión, conduciendo a que el servidor retenga el socket abierto y que el cliente reciba potencialmente mensajes de texto sin cifrar más tarde. Mitigación: los usuarios de la versión 2.0.20 deberían migrar a la versión 2.0.21, los usuarios de la versión 2.1.0 deberían migrar a la versión 2.1.1. Este problema afecta a: Apache MINA.
A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive information to third-party attackers.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-14 CVE Reserved
- 2019-10-01 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Search vendor "Apache" | Mina Search vendor "Apache" for product "Mina" | 2.0.20 Search vendor "Apache" for product "Mina" and version "2.0.20" | - |
Affected
| ||||||
Apache Search vendor "Apache" | Mina Search vendor "Apache" for product "Mina" | 2.1.1 Search vendor "Apache" for product "Mina" and version "2.1.1" | - |
Affected
|