You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cxf.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2019/04/30 08:23:00 UTC

[jira] [Resolved] (CXF-8031) CVE-2019-0231 - Vulnerability in Apache MINA

     [ https://issues.apache.org/jira/browse/CXF-8031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh resolved CXF-8031.
--------------------------------------
       Resolution: Fixed
    Fix Version/s: 3.3.2
                   3.2.9

> CVE-2019-0231 - Vulnerability in Apache MINA
> --------------------------------------------
>
>                 Key: CXF-8031
>                 URL: https://issues.apache.org/jira/browse/CXF-8031
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.3.1
>         Environment: **
>            Reporter: subhash c
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: 3.2.9, 3.3.2
>
>
> Below vulnerability had reported on mina-core api.
> *CVE-2019-0231* - '_Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear-text messages which were supposed to be encrypted._'
>  
> This have an impact on '*cxf-rt-transports-udp*' as it is dependent on mina-core. The dependency should be updated to 2.0.21 or 2.1.1/later.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)