CVE-2015-5262

ADVISORY - github

Summary

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

EPSS Score⁠: 0.03292 (0.914)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-399⁠

Resource Management Errors

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-399⁠

Resource Management Errors

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-770⁠

Allocation of Resources Without Limits or Throttling

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.