This repository has been archived by the owner on Sep 21, 2021. It is now read-only.
CVE-2015-5262 Medium Severity Vulnerability detected by WhiteSource #5
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
ghost
closed this as This issue was closed.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
CVE-2015-5262 - Medium Severity Vulnerability
HttpComponents Client (base module)
path: /root/.m2/repository/org/apache/httpcomponents/httpclient/4.0.1/httpclient-4.0.1.jar
Library home page: http://hc.apache.org/httpcomponents-client
Dependency Hierarchy:
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Publish Date: 2015-10-27
URL: CVE-2015-5262
Base Score Metrics not available
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1033743
Release Date: 2017-12-31
Fix Resolution: The vendor has issued a fix (4.3.6).
The vendor has also issued a source code fix, available at:
http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: