{"id":"UBUNTU-CVE-2019-0231","details":"Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.","modified":"2026-01-20T17:04:39.918182Z","published":"2019-10-01T20:15:00Z","upstream":["CVE-2019-0231"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-0231"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-0231"},{"type":"REPORT","url":"https://github.com/apache/mina/commit/73e881ad935e5aa6080b90585ac8dc8ddfc377e1"}],"affected":[{"package":{"name":"mina","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mina@1.1.7.dfsg-11?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.7.dfsg-11"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina-java","binary_version":"1.1.7.dfsg-11"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina2","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mina2@2.0.9-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.7+dfsg-2","2.0.9-1","2.0.9-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina2-java","binary_version":"2.0.9-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mina@1.1.7.dfsg-12?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.7.dfsg-11","1.1.7.dfsg-12"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina-java","binary_version":"1.1.7.dfsg-12"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina2","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mina2@2.0.16-2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.16-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina2-java","binary_version":"2.0.16-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mina@1.1.7.dfsg-13?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.7.dfsg-13"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina-java","binary_version":"1.1.7.dfsg-13"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina2","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mina2@2.0.19-2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.19-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina2-java","binary_version":"2.0.19-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mina@1.1.7.dfsg-13?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.7.dfsg-13"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina-java","binary_version":"1.1.7.dfsg-13"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}},{"package":{"name":"mina","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/mina@1.1.7.dfsg-13ubuntu1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.7.dfsg-13","1.1.7.dfsg-13ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"libmina-java","binary_version":"1.1.7.dfsg-13ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-0231.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"type":"Ubuntu","score":"medium"}]}