oss-sec mailing list archives
[CVE-2019-0231] MINA SSLFilter security Issue
From: Emmanuel Lecharny <elecharny () apache org>
Date: Sun, 14 Apr 2019 08:30:49 +0200
Description: Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted. This security issue is fixed by Apache MINA 2.0.21 or Apache MINA 2.0.21. Please migrate to those new versions. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Current thread:
- [CVE-2019-0231] MINA SSLFilter security Issue Emmanuel Lecharny (Apr 14)