[CXF-8031] CVE-2019-0231 - Vulnerability in Apache MINA - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.1
Fix Version/s: 3.2.9, 3.3.2
Component/s: None
Labels:
None
Environment:

**

Estimated Complexity:
Unknown

Description

Below vulnerability had reported on mina-core api.

CVE-2019-0231 - 'Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted.'

This have an impact on 'cxf-rt-transports-udp' as it is dependent on mina-core. The dependency should be updated to 2.0.21 or 2.1.1/later.

Attachments

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: subhash c

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 30/Apr/19 06:22

Updated:: 13/May/19 18:08

Resolved:: 30/Apr/19 08:22