http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Canonical | 12.04 (including) | 12.04 (including) |
| Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
| Ubuntu_linux | Canonical | 15.04 (including) | 15.04 (including) |
| Fedora | Fedoraproject | 21 (including) | 21 (including) |
| Fedora | Fedoraproject | 22 (including) | 22 (including) |
| Fedora | Fedoraproject | 23 (including) | 23 (including) |
| Commons-httpclient | Ubuntu | artful | * |
| Commons-httpclient | Ubuntu | bionic | * |
| Commons-httpclient | Ubuntu | cosmic | * |
| Commons-httpclient | Ubuntu | devel | * |
| Commons-httpclient | Ubuntu | disco | * |
| Commons-httpclient | Ubuntu | eoan | * |
| Commons-httpclient | Ubuntu | focal | * |
| Commons-httpclient | Ubuntu | groovy | * |
| Commons-httpclient | Ubuntu | hirsute | * |
| Commons-httpclient | Ubuntu | impish | * |
| Commons-httpclient | Ubuntu | jammy | * |
| Commons-httpclient | Ubuntu | precise | * |
| Commons-httpclient | Ubuntu | trusty | * |
| Commons-httpclient | Ubuntu | vivid | * |
| Commons-httpclient | Ubuntu | wily | * |
| Commons-httpclient | Ubuntu | xenial | * |
| Commons-httpclient | Ubuntu | yakkety | * |
| Commons-httpclient | Ubuntu | zesty | * |
| Httpcomponents-client | Ubuntu | trusty | * |
| Httpcomponents-client | Ubuntu | trusty/esm | * |
| Httpcomponents-client | Ubuntu | upstream | * |
| Httpcomponents-client | Ubuntu | vivid | * |