rpm package
suse/apache-commons-httpclient&distro=SUSE Linux Enterprise High Performance Computing 15-LTSS
pkg:rpm/suse/apache-commons-httpclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5262 | — | < 3.1-4.3.2 | 3.1-4.3.2 | Oct 27, 2015 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | ||
| CVE-2014-3577 | — | < 3.1-4.3.2 | 3.1-4.3.2 | Aug 21, 2014 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, |
- CVE-2015-5262Oct 27, 2015affected < 3.1-4.3.2fixed 3.1-4.3.2
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
- CVE-2014-3577Aug 21, 2014affected < 3.1-4.3.2fixed 3.1-4.3.2
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,