CVE-2019-0231

CVE-2019-0231: Apache MINA SSLFilter security Issue

Vendor Apache Software Foundation

Product Apache MINA

Published October 1, 2019

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

Key dates

02Disclosure timeline

October 1, 2019 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-0231

Identifiers

CVE CVE-2019-0231

Affected versions

Vendor Apache Software Foundation

Product Apache MINA

Affected Apache MINA 2.1 2.1.0

Vendor Apache Software Foundation

Product Apache MINA

Affected Apache MINA 2.0 2.0.21