Apache HttpComponents HttpClient DoS Vulnerability (CVE-2015-5262)

Apache HttpComponents HttpClient DoS Vulnerability (CVE-2015-5262)
Apache HttpComponents HttpClient DoS Vulnerability (CVE-2015-5262)

Release date:
Updated on:

Affected Systems:

Apache Group HttpComponents HttpClient 〈 4.3.6
Apache Group HttpComponents HttpClient

Description:

CVE (CAN) ID: CVE-2015-5262

Apache HttpComponents is responsible for creating and maintaining a low-level Java Component tool set related to HTTP and related protocols.

Apache HttpComponents earlier than HttpClient 4.3.6, http/conn/ssl/SSLConnectionSocketFactory. java ignores the http. socket. timeout setting during the SSL handshake. Remote attackers can exploit this vulnerability to cause DOS.

<* Source: Apache
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://svn.apache.org/viewvc? View = revision & revision = 1626784
Https://bugzilla.redhat.com/show_bug.cgi? Id = 1261538
Https://issues.apache.org/jira/browse/HTTPCLIENT-1478

How to Use HttpClient 4.0

How does Android use HttpClient to submit data in Post mode and add http header information?

How does Android use HttpClient to Get data and add http header information?

HttpComponents details: click here
HttpComponents: click here

This article permanently updates the link address: