You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2015-5262 - Medium Severity Vulnerability
Vulnerable Library - httpclient-4.3.5.jar
HttpComponents Client
Library home page: https://hc.apache.org/httpcomponents-client-ga/
Path to dependency file: sample/scan.test/pom.xml
Path to vulnerable library: canner/.m2/repository/org/apache/httpcomponents/httpclient/4.3.5/httpclient-4.3.5.jar
Dependency Hierarchy:
Found in HEAD commit: 08414a25ae5e6304d89ae246186a2c50b04c6d9d
Found in base branch: main
Vulnerability Details
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Publish Date: 2015-10-27
URL: CVE-2015-5262
CVSS 2 Score Details (4.3)
Base Score Metrics not available
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5262
Release Date: 2015-10-27
Fix Resolution: org.apache.httpcomponents:httpclient:4.3.6
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: