2 matches found
CVE-2015-5262
CVE-2015-5262 affects Apache HttpComponents HttpClient prior to 4.3.6 where the http.socket.timeout setting is ignored during SSL handshakes, enabling potential DoS via HTTPS call hangs. IBM-connected docs reference this CVE in IBM StreamSets Data Collector 6.4.0 with a fixed release path, noting...
CVE-2011-1498
CVE-2011-1498 : Apache HttpClient (HttpComponents) 4.x release before 4.1.1 is vulnerable when used with an authenticating proxy; the Proxy-Authorization header is sent to the origin server, potentially logging sensitive credentials and exposing passwords. The description does not specify affecte...