[jira] [Assigned] (CXF-8031) CVE-2019-0231 - Vulnerability in Apache MINA

Colm O hEigeartaigh (JIRA) Tue, 30 Apr 2019 01:22:44 -0700


     [ 
https://issues.apache.org/jira/browse/CXF-8031?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Colm O hEigeartaigh reassigned CXF-8031:
----------------------------------------

    Assignee: Colm O hEigeartaigh

> CVE-2019-0231 - Vulnerability in Apache MINA
> --------------------------------------------
>
>                 Key: CXF-8031
>                 URL: https://issues.apache.org/jira/browse/CXF-8031
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 3.3.1
>         Environment: **
>            Reporter: subhash c
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>
> Below vulnerability had reported on mina-core api.
> *CVE-2019-0231* - '_Handling of the close_notify SSL/TLS message does not 
> lead to a connection closure, leading the server to retain the socket opened 
> and to have the client potentially receive clear-text messages which were 
> supposed to be encrypted._'
>  
> This have an impact on '*cxf-rt-transports-udp*' as it is dependent on 
> mina-core. The dependency should be updated to 2.0.21 or 2.1.1/later.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Assigned] (CXF-8031) CVE-2019-0231 - Vulnerability in Apache MINA

Reply via email to