CVE-2015-5262 Medium Severity Vulnerability detected by WhiteSource #2
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2015-5262 - Medium Severity Vulnerability
path: 2/repository/org/apache/httpcomponents/httpclient/4.3.1/httpclient-4.3.1.jar
Library home page: http://hc.apache.org/httpcomponents-client
Dependency Hierarchy:
Found in commit: f396e60bf74726f66a202d308a1f2865177e4bee
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Publish Date: 2015-10-27
URL: CVE-2015-5262
Base Score Metrics not available
Type: Upgrade version
Origin: http://www.securitytracker.com/id/1033743
Release Date: 2017-12-31
Fix Resolution: The vendor has issued a fix (4.3.6).
The vendor has also issued a source code fix, available at:
http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: