4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.033 Low
EPSS
Percentile
91.2%
Package : commons-httpclient
Version : 3.1-9+deb6u2
CVE ID : CVE-2015-5262
Trevin Beattie [1] discovered an issue where one could observe hanging
threads in a multi-threaded Java application. After debugging the issue,
it became evident that the hanging threads were caused by the SSL
initialization code in commons-httpclient.
This upload fixes this issue by respecting the configured SO_TIMEOUT
during SSL handshakes with the server.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1259892
–
mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: [email protected], http://sunweavers.net
Attachment:
signature.asc
Description: Digital signature