oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2019-0231] MINA SSLFilter security Issue

From: Emmanuel Lecharny <elecharny () apache org>
Date: Sun, 14 Apr 2019 08:30:49 +0200
Description: Handling of the close_notify SSL/TLS message does not
lead to a connection closure, leading the server to retain the socket
opened and to have the client potentially receive clear-text messages
which were supposed to be encrypted.

This security issue is fixed by Apache MINA 2.0.21 or Apache MINA
2.0.21. Please migrate to those new versions.



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Previous By Date Next
Previous By Thread Next

Current thread: