CVE-2015-5262
ADVISORY - githubSummary
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
EPSS Score: 0.03292 (0.914)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Resource Management Errors
ADVISORY - gitlab
ADVISORY - redhat
Allocation of Resources Without Limits or Throttling
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in