rpm package
opensuse/apache-commons-httpclient&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/apache-commons-httpclient&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5262 | — | < 3.1-13.4 | 3.1-13.4 | Oct 27, 2015 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | ||
| CVE-2014-3577 | — | < 3.1-13.4 | 3.1-13.4 | Aug 21, 2014 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, | ||
| CVE-2012-5783 | — | < 3.1-8.5 | 3.1-8.5 | Nov 4, 2012 | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m |
- CVE-2015-5262Oct 27, 2015affected < 3.1-13.4fixed 3.1-13.4
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
- CVE-2014-3577Aug 21, 2014affected < 3.1-13.4fixed 3.1-13.4
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,
- CVE-2012-5783Nov 4, 2012affected < 3.1-8.5fixed 3.1-8.5
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows m