CVE-2015-5262
published 2015-10-27
medium 4.3 CVSS 3.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | httpclient | 4.3 – 4.3.5 | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | commons-httpclient | < commons-httpclient 3.1-12 (bookworm) | commons-httpclient 3.1-12 (bookworm) |
| debian | httpcomponents-client | < commons-httpclient 3.1-12 (bookworm) | commons-httpclient 3.1-12 (bookworm) |
| debian | python-pykmip | < python-pykmip 0.7.0-3 (bookworm) | python-pykmip 0.7.0-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| jenkins | azure_slave_plugin | — | — |
| jenkins | azure_vm_agents_plugin | — | — |
| jenkins | coverity_plugin | — | — |
| jenkins | cppncss_plugin | — | — |
| jenkins | credentials_plugin | — | — |
| jenkins | envinject_plugin | — | — |
| jenkins | environment_injector_plugin | — | — |
| jenkins | gerrit_trigger_plugin | — | — |
| jenkins | git_plugin | — | — |
| jenkins | google_play_android_publisher_plugin | — | — |
| jenkins | ids_in_google_play_android_publisher_plugin | — | — |
| jenkins | improper_access_control_in_gerrit_trigger_plugin | — | — |
| jenkins | job_and_node_ownership_plugin | — | — |
| jenkins | mercurial_plugin | — | — |
| jenkins | testlink_plugin | — | — |
CVSS provenance
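| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.0) | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| ghsa | 4.3 | MEDIUM | — |
| osv | 5.8 | MEDIUM | — |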