Lucene search
Ubuntu.comUB:CVE-2015-5262HistorySep 30, 2015 - 12:00 a.m.
CVE-2015-5262
2015-09-3000:00:00
ubuntu.com
ubuntu.com
8
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.033 Low
EPSS
Percentile
91.2%
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents
HttpClient before 4.3.6 ignores the http.socket.timeout configuration
setting during an SSL handshake, which allows remote attackers to cause a
denial of service (HTTPS call hang) via unspecified vectors.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798650>
- <https://bugzilla.redhat.com/show_bug.cgi?id=1259892>
- <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5262>
- <https://issues.apache.org/jira/browse/HTTPCLIENT-1478>
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced in httpcomponents-client 4.3.0 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 17.10 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 18.04 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 18.10 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 19.04 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 19.10 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 20.04 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 20.10 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 21.04 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 21.10 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
| ubuntu | 22.04 | noarch | commons-httpclient | < 3.1-11ubuntu1 | UNKNOWN |
Related
fedora
fedora
[SECURITY] Fedora 23 Update: jakarta-commons-httpclient-3.1-23.fc23
2015-10-01 16:55:47
[SECURITY] Fedora 21 Update: jakarta-commons-httpclient-3.1-20.fc21
2015-10-01 20:27:13
[SECURITY] Fedora 22 Update: jakarta-commons-httpclient-3.1-23.fc22
2015-10-01 18:59:42
nessus
nessus
Fedora 22 : jakarta-commons-httpclient-3.1-23.fc22 (2015-15589)
2015-10-02 00:00:00
Fedora 23 : jakarta-commons-httpclient-3.1-23.fc23 (2015-15590)
2015-10-02 00:00:00
EulerOS 2.0 SP2 : httpcomponents-client (EulerOS-SA-2019-2518)
2019-12-04 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2397)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-322-1)
2023-03-08 00:00:00
Fedora Update for jakarta-commons-httpclient FEDORA-2015-15589
2015-10-02 00:00:00
debian
debian
[SECURITY] [DLA 322-1] commons-httpclient security update
2015-10-01 08:24:15
prion
prion
Design/Logic Flaw
2015-10-27 16:59:00
Design/Logic Flaw
2018-12-20 17:29:00
debiancve
debiancve
CVE-2015-5262
2015-10-27 16:59:00
CVE-2018-1000872
2018-12-20 17:29:00
github
github
Denial of service vulnerability in org.apache.httpcomponents:httpclient
2018-10-17 00:05:29
PyKMIP Denial of service vulnerability
2018-12-21 17:46:39
securityvulns
securityvulns
Apache Commons HttpClient DoS
2015-10-25 00:00:00
[USN-2769-1] Apache Commons HttpClient
2015-10-25 00:00:00
osv
osv
Denial of service vulnerability in org.apache.httpcomponents:httpclient
2018-10-17 00:05:29
PYSEC-2018-22
2018-12-20 17:29:00
CVE-2018-1000872
2018-12-20 17:29:00
cve
cve
CVE-2015-5262
2015-10-27 16:59:00
CVE-2018-1000872
2018-12-20 17:29:00
mageia
mageia
redhatcve
redhatcve
CVE-2018-1000872
2019-01-11 21:19:42
ibm
ibm
Security Bulletin: Vulnerability from Apache HttpComponents affects IBM Cloud Pak System (CVE-2011-1498, CVE-2015-5262)
2020-05-06 11:57:04
suse
suse
Security update for apache-commons-httpclient (important)
2020-11-08 00:00:00
Security update for apache-commons-httpclient (important)
2020-11-07 00:00:00
ubuntucve
ubuntucve
CVE-2018-1000872
2018-12-20 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0141
2020-09-17 00:00:00
Moderate Photon OS Security Update - PHSA-2020-3.0-0141
2020-09-17 00:00:00
ubuntu
ubuntu
Apache Commons HttpClient vulnerabilities
2015-10-14 00:00:00
oracle
oracle
CPU July 2018
2018-07-17 00:00:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.033 Low
EPSS
Percentile
91.2%
Related for UB:CVE-2015-5262