CVE-2015-5262

Published: 27/10/2015 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 385
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient prior to 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote malicious users to cause a denial of service (HTTPS call hang) via unspecified vectors.

Vulnerable Product

fedoraproject fedora 22

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

fedoraproject fedora 23

fedoraproject fedora 21

canonical ubuntu linux 15.04

apache httpclient

Vendor Advisories

Debian Bug report logs - #917030 python-pykmip: CVE-2018-1000872. Package: src:python-pykmip; Maintainer for src:python-pykmip is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 21 Dec 2018 18:15:02 UTC; Severity: grave; Tags: fixed-upstream, patch, ...
Debian Bug report logs - #798650 CVE-2015-5262: https calls ignore http.socket.timeout during SSL Handshake. Package: src:commons-httpclient; Maintainer for src:commons-httpclient is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Guido Günther <agx@sigxcpu.org>; Date: Fri, 11 Sep 2 ...
Several security issues were fixed in commons-httpclient ...

Github Repositories

Java based SDK for the Whispir.io API

Whispir's SDK for Java. Whispir's SDK allows Java Developers to get up and running with Whispir's API quickly. Follow the instructions below to include the dependencies in your project. If you've got any questions feel free to raise an Issue or fix an issue using the Pull requests. Installing with Maven: Users can easily include the Whispir dependency in their p

Old Commons HttpClient 3.x

Apache HttpComponents Commons HttpClient. Welcome to the Commons HttpClient component of the Apache HttpComponents project. Licensing: Apache HttpComponents Commons HttpClient is licensed under the Apache License 2.0. See the files called LICENSE.txt and NOTICE.txt for more information. About this repo: This repo is a fork of HttpClient 3.x with the latest svn changes and security

National Vulnerability Database dependency checker for Clojure projects

nvd-clojure. Formerly known as lein-nvd. National Vulnerability Database dependency checker tool. For a given project, all the jar files from its classpath will be checked for known security vulnerabilities. nvd-clojure passes them to a library called DependencyCheck which does the vulnerability analysis. Quoting the README from that library: DependencyCheck is a utility th
