Launchpad CVE tracker

CVE 2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securitytra...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.ubuntu.com/...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: https://lists.apache.o...
MISC: http://svn.apache.org/...
MISC: http://www.oracle.com/...
MISC: https://bugzilla.redha...
MISC: https://issues.apache....
MISC: https://jenkins.io/sec...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....

Launchpad.net

CVE 2015-5262

Related bugs

References