VulnerableCode Package Details - pkg:deb/debian/commons-httpclient@3.1-11

Search for packages

Vulnerability	Summary	Fixed by
VCID-3ur6-9s61-13a3 Aliases: CVE-2015-5262 GHSA-fmj5-wv96-r2ch	http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.	3.1-12 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3ur6-9s61-13a3
Aliases:
CVE-2015-5262
GHSA-fmj5-wv96-r2ch

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

3.1-12
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3bxq-vmjj-kqfe	org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.	CVE-2014-3577 GHSA-cfh5-3ghh-wfjx

Vulnerability

Summary

Aliases

VCID-3bxq-vmjj-kqfe

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.

CVE-2014-3577
GHSA-cfh5-3ghh-wfjx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:57:07.526427+00:00	Debian Oval Importer	Affected by	VCID-3ur6-9s61-13a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T18:49:41.709713+00:00	Debian Oval Importer	Fixing	VCID-3bxq-vmjj-kqfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T20:37:29.354433+00:00	Debian Oval Importer	Affected by	VCID-3ur6-9s61-13a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T18:34:16.643112+00:00	Debian Oval Importer	Fixing	VCID-3bxq-vmjj-kqfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T20:17:34.252496+00:00	Debian Oval Importer	Affected by	VCID-3ur6-9s61-13a3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T18:19:26.902061+00:00	Debian Oval Importer	Fixing	VCID-3bxq-vmjj-kqfe	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0