rpm package
suse/apache-commons-httpclient&distro=SUSE OpenStack Cloud Crowbar 8
pkg:rpm/suse/apache-commons-httpclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5262 | — | < 3.1-6.3.1 | 3.1-6.3.1 | Oct 27, 2015 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. | ||
| CVE-2014-3577 | — | < 3.1-6.3.1 | 3.1-6.3.1 | Aug 21, 2014 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, |
- CVE-2015-5262Oct 27, 2015affected < 3.1-6.3.1fixed 3.1-6.3.1
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
- CVE-2014-3577Aug 21, 2014affected < 3.1-6.3.1fixed 3.1-6.3.1
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate,