CVE Vulnerabilities

CVE-2015-5262

Published: Oct 27, 2015 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Affected Software

Name Vendor Start Version End Version
Fedora Fedoraproject 22 22
Ubuntu_linux Canonical 12.04 12.04
Ubuntu_linux Canonical 14.04 14.04
Fedora Fedoraproject 23 23
Fedora Fedoraproject 21 21
Ubuntu_linux Canonical 15.04 15.04

References