SSL Handshake Vulnerability in Apache HttpComponents HttpClient
CVE-2015-5262

Currently unrated

Key Information:

Vendor

Fedoraproject

Status
Fedora
Ubuntu Linux
Vendor
CVE Published:
27 October 2015

What is CVE-2015-5262?

The Apache HttpComponents HttpClient prior to version 4.3.6 contains a vulnerability in the SSLConnectionSocketFactory that fails to respect the http.socket.timeout configuration during the SSL handshake process. This oversight can be exploited by remote attackers, leading to denial of service situations where HTTPS calls can hang indefinitely, disrupting service and availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1626784
x_refsource_CONFIRM
https://jenkins.io/security/advisory/2018-02-26/
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.