4.3

CVE-2015-5262

Medienbericht
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.04
FedoraprojectFedora Version21
FedoraprojectFedora Version22
FedoraprojectFedora Version23
ApacheHttpclient Version >= 4.3 <= 4.3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.31% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
12.02.2026 10:31
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.ubuntu.com/usn/USN-2769-1
Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00033.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167962.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167999.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168030.html
Third Party Advisory
http://svn.apache.org/viewvc?view=revision&revision=1626784
Vendor Advisory
http://www.securitytracker.com/id/1033743
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1261538
Third Party Advisory
Issue Tracking
https://issues.apache.org/jira/browse/HTTPCLIENT-1478
Vendor Advisory
https://jenkins.io/security/advisory/2018-02-26/
Third Party Advisory