CVE-2019-0231

CWE-319 — Cleartext Transmission9 documents8 sources

Severity

7.5HIGH

EPSS

0.7%

top 27.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Mina Apache Mina

Timeline

PublishedOct 1

Latest updateApr 15

Description

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Mavenorg.apache.mina:mina-core2.1.0 — 2.1.1+1

▶NVDapache/mina2.0.20, 2.1.1+1

▶CVEListV5apache_software_foundation/apache_minaApache MINA 2.0 2.0.21, Apache MINA 2.1 2.1.0+1

▶Debianmina2< 2.1.4-1+3

🔴Vulnerability Details

GHSA

Cleartext Transmission of Sensitive Information in Apache MINA↗2022-05-24

▶

OSV

Cleartext Transmission of Sensitive Information in Apache MINA↗2022-05-24

▶

OSV

CVE-2019-0231: Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the cli↗2019-10-01

▶

CVEList

Apache MINA SSLFilter security Issue↗2019-10-01

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Apache Mina) — CVE-2019-0231↗2024-04-15

▶

Red Hat

mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.↗2019-04-14

▶

Debian

CVE-2019-0231: mina - Handling of the close_notify SSL/TLS message does not lead to a connection closu...↗2019

▶

💬Community

Bugzilla

CVE-2019-0231 mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.↗2019-04-15

▶