CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-0231

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 71.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019
http://mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019

Products affected by CVE-2019-0231

Apache » Mina » Version: 2.0.20

cpe:2.3:a:apache:mina:2.0.20
Apache » Mina » Version: 2.1.1

cpe:2.3:a:apache:mina:2.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-0231

Products

Pricing

Contact Us