ID CVE-2015-5262
Summary http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:httpclient:4.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:httpclient:4.3.5:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 08-11-2020 - 13:15)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
confirm
fedora
  • FEDORA-2015-15588
  • FEDORA-2015-15589
  • FEDORA-2015-15590
mlist
  • [drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities
  • [drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
  • [drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities
sectrack 1033743
suse
  • openSUSE-SU-2020:1873
  • openSUSE-SU-2020:1875
ubuntu USN-2769-1
Last major update 08-11-2020 - 13:15
Published 27-10-2015 - 16:59
Last modified 08-11-2020 - 13:15
Back to Top