Lucene search

Veracode Vulnerability DatabaseVERACODE:13636

HistoryApr 15, 2019 - 1:36 a.m.

Information Disclosure

2019-04-1501:36:29

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

apache MINA is vulnerable to information disclosure. close_notify SSL/TLS messages are not handled properly and does not lead to a connection closure. This causes the server to keep the socket open, allowing the client to potentially receive clear-text messages that should have been encrypted.

CPENameOperatorVersion
apache mina coreeq2.1.0
apache mina corele2.0.20
minale2.0.12

Name	Operator	Version
apache mina core	eq	2.1.0
apache mina core	le	2.0.20
mina	le	2.0.12

References

mail-archives.apache.org/mod_mbox/www-announce/201904.mbox/%3CCAG8=FRiDmUtkQOAe29SY9qHo8sMY9cB2djtp4BXk8Fi7uU+=YA@mail.gmail.com%3E

mina.apache.org/mina-project/index.html#mina-211-mina-2021-released-posted-on-april-14-2019

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

Related for VERACODE:13636