Vulnerability Description
When Apache MINA handles the SSL/TLS close_notify message, it does not close the connection. The server keeps the socket open, and the client may receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Mina | 2.0.20 |
References
- http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-poste (Release Notes, Vendor Advisory)
FAQ
What is CVE-2019-0231?
CVE-2019-0231 is a vulnerability with a CVSS score of 7.5 (HIGH). Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterw...
How severe is CVE-2019-0231?
CVE-2019-0231 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0231?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Mina.