Moderate severity vulnerability that affects org.apache.httpcomponents:httpclient

2018-10-17T00:05:29
ID GHSA-FMJ5-WV96-R2CH
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:04

Description

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.