Информационная безопасность
[RU] switch to English


CVECVE-2015-5262
СтатусCandidate
Описаниеhttp/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
PhaseAssigned (01.07.2015)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5262
ReferencesSECTRACK : 1033743
 FEDORA : FEDORA-2015-15588
 FEDORA : FEDORA-2015-15589
 FEDORA : FEDORA-2015-15590
 CONFIRM : http://svn.apache.org/viewvc?view=revision&rev...
 CONFIRM : https://bugzilla.redhat.com/show_bug.cgi?id=1261538
 CONFIRM : https://issues.apache.org/jira/browse/HTTPCLIENT-1478
 UBUNTU : USN-2769-1
SecurityVulns:DoS против Apache Commons HttpClient
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород