Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-8031

CVE-2019-0231 - Vulnerability in Apache MINA

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.3.1
    • 3.2.9, 3.3.2
    • None
    • None

    • **

    • Unknown

    Description

      Below vulnerability had reported on mina-core api.

      CVE-2019-0231 - 'Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted.'

       

      This have an impact on 'cxf-rt-transports-udp' as it is dependent on mina-core. The dependency should be updated to 2.0.21 or 2.1.1/later.

      Attachments

        Activity

          People

            coheigea Colm O hEigeartaigh
            subhashc37 subhash c
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: