Overview
Request 844266 accepted
- Security fix [bsc#945190, CVE-2015-5262]
  * http/conn/ssl/SSLConnectionSocketFactory.java ignores the
    http.socket.timeout configuration setting during an SSL handshake,
    which allows remote attackers to cause a denial of service (HTTPS
    call hang) via unspecified vectors.
- Add apache-commons-httpclient-CVE-2015-5262.patch
- Security fix [bsc#1178171, CVE-2014-3577]
  * org.apache.http.conn.ssl.AbstractVerifier does not properly
    verify that the server hostname matches a domain name in the
    subject's Common Name (CN) or subjectAltName field of the X.509
    certificate, which allows MITM attackers to spoof SSL servers
    via a "CN=" string in a field in the distinguished name (DN)
    of a certificate.
- Add apache-commons-httpclient-CVE-2014-3577.patch
- Created by pmonrealgonzalez
- In state accepted
- Package maintainer: gkenion
Request History
pmonrealgonzalez created request
fstrba accepted request
@pmonrealgonzalez: review reminder