CVE-2019-0231

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Apache MINA versions prior to 2.0.21 Apache MINA versions 2.1.0

Description: The issue arises from the handling of the close notify SSL/TLS message, which does not result in a connection closure. As a consequence, the server retains the opened socket, and the client may potentially receive clear text messages afterward.

Recommendations: For Apache MINA version 2.0.20, migrate to version 2.0.21. For Apache MINA version 2.1.0, migrate to version 2.1.1.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

BDU:2025-08607

CVE-2019-0231

GHSA-5H29-QQ92-WJ7F

RHSA-2020:1454

Affected Products

Apache Mina

Debian

Red Os

CVE-2019-0231

Weakness Enumeration

Related Identifiers

Affected Products

References · 17