GHSA-fmj5-wv96-r2ch

Source
https://github.com/advisories/GHSA-fmj5-wv96-r2ch
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-fmj5-wv96-r2ch/GHSA-fmj5-wv96-r2ch.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fmj5-wv96-r2ch
Aliases
Published
2018-10-17T00:05:29Z
Modified
2024-02-22T05:42:22.050973Z
Summary
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Details

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

References

Affected packages

Maven / org.apache.httpcomponents:httpclient

Package

Name
org.apache.httpcomponents:httpclient
Purl
pkg:maven/org.apache.httpcomponents/httpclient

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.3.6

Affected versions

4.*

4.0-alpha1
4.0-alpha2
4.0-alpha3
4.0-alpha4
4.0-beta1
4.0-beta2
4.0
4.0.1
4.0.2
4.0.3
4.1-alpha1
4.1-alpha2
4.1-beta1
4.1
4.1.1
4.1.2
4.1.3
4.2-alpha1
4.2-beta1
4.2
4.2.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.6
4.3-alpha1
4.3-beta1
4.3-beta2
4.3
4.3.1
4.3.2
4.3.3
4.3.4
4.3.5