Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/commons-httpclient@3.1-12
purl pkg:deb/debian/commons-httpclient@3.1-12
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-3ur6-9s61-13a3 http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. CVE-2015-5262
GHSA-fmj5-wv96-r2ch

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-15T20:57:07.533100+00:00 Debian Oval Importer Fixing VCID-3ur6-9s61-13a3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-11T20:37:29.362104+00:00 Debian Oval Importer Fixing VCID-3ur6-9s61-13a3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T20:17:34.263585+00:00 Debian Oval Importer Fixing VCID-3ur6-9s61-13a3 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0