What is CVE-2015-5262?

CVE-2015-5262 is a vulnerability in Apache Httpclient, classified under CWE-399. Published 2015-10-27.

Is CVE-2015-5262 known to be exploited?

12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Httpclient

CVE-2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS…

EPSS: 0.012 (79.3th percentile) — read the EPSS interpretation.

Affected products

Apache Httpclient
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
Fedoraproject Fedora — versions 21, 22, 23
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory, Issue Tracking)
FEDORA-2015-15590 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
FEDORA-2015-15589 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
FEDORA-2015-15588 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
1033743 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
USN-2769-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2015-5262?: CVE-2015-5262 is a vulnerability in Apache Httpclient, classified under CWE-399. Published 2015-10-27.
Is CVE-2015-5262 known to be exploited?: 12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.