CVEFinder.io

CVE-2015-5262

đŸ”ļ medium
🔍 Scan for this CVE
Summary

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

CVSS Score
4.3
Medium
EPSS Score
0.9
Exploit Probability
Published Date
2015-10-27
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 5.4% of all 329,456 vulnerabilities in our database.

#311,645
Below average severity
Severity Percentile
Last Modified 2025-04-12
Source NVD 🔗
CWE IDs (Weakness Types)
CWE-399

đŸ“Ļ Affected Products 7

Vendor Product Status Affected Versions
fedoraproject fedora Affected
v21
fedoraproject fedora Affected
v22
fedoraproject fedora Affected
v23
canonical ubuntu_linux Affected
v12.04
canonical ubuntu_linux Affected
v14.04
canonical ubuntu_linux Affected
v15.04
apache httpclient Affected
≥ 4.3 ≤ 4.3.5

🔗 References 15

http://lists.fedoraproject.org/pipermail/package-ann...
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-ann...
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-ann...
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce...
http://lists.opensuse.org/opensuse-security-announce...
http://svn.apache.org/viewvc?view=revision&revision=...
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/...
http://www.securitytracker.com/id/1033743
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2769-1
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1261538
Issue Tracking Third Party Advisory
https://issues.apache.org/jira/browse/HTTPCLIENT-1478
Vendor Advisory
https://jenkins.io/security/advisory/2018-02-26/
Third Party Advisory
https://lists.apache.org/thread.html/519eb0fd45642dc...
https://lists.apache.org/thread.html/b0656d359c7d40e...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-47326 đŸ”ļ medium 5.5 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor not... 2026-05-28
CVE-2026-47327 ℹī¸ low 3.3 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmo... 2026-05-28
CVE-2026-47328 đŸ”ļ medium 6.1 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain AppArmor SAUCE patches which incorrectly attempt to free a pointer which was not ... 2026-05-28
CVE-2026-47329 ℹī¸ low 3.3 0.1 Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor n... 2026-05-28
CVE-2026-47330 ℹī¸ low 3.3 0.1 Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitializ... 2026-05-28
CVE-2026-47331 ⚠ī¸ high 7.8 0.1 Ubuntu Linux 6.8 contains AppArmor SAUCE patches which fail to acquire a lock when modifying a linked list. An unprivile... 2026-05-28
These CVEs affect the same products