Search CVE reports
1 – 4 of 4 results
Some fixes available 18 of 19
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of...
2 affected packages
commons-httpclient, httpcomponents-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| commons-httpclient | — | Fixed | Fixed | Fixed |
| httpcomponents-client | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 6
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN)...
2 affected packages
commons-httpclient, httpcomponents-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| commons-httpclient | — | — | — | Not affected |
| httpcomponents-client | — | — | — | Not affected |
Some fixes available 1 of 3
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the...
2 affected packages
commons-httpclient, httpcomponents-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| commons-httpclient | — | — | — | — |
| httpcomponents-client | — | — | — | — |
Some fixes available 1 of 5
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)...
2 affected packages
commons-httpclient, httpcomponents-client
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| commons-httpclient | — | — | — | — |
| httpcomponents-client | — | — | — | — |