Lucene search

K
nvd[email protected]NVD:CVE-2015-5262
HistoryOct 27, 2015 - 4:59 p.m.

CVE-2015-5262

2015-10-2716:59:07
CWE-399
web.nvd.nist.gov
2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.033

Percentile

91.3%

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

Affected configurations

NVD
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
OR
fedoraprojectfedoraMatch21
OR
fedoraprojectfedoraMatch22
OR
fedoraprojectfedoraMatch23
Node
apachehttpclientRange4.3–4.3.5

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

5.8

Confidence

High

EPSS

0.033

Percentile

91.3%