SUSE-SU-2020:3149-1 -- SLES apache-commons-httpclientID: oval:org.secpod.oval:def:89043516 | Date: (C)2021-03-05 (M)2023-12-07 |
Class: PATCH | Family: unix |
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service via unspecified vectors. [bsc#945190, CVE-2015-5262] - org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject"s Common Name or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a CN= string in a field in the distinguished name of a certificate. [bsc#1178171, CVE-2014-3577]
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |
Product: |
apache-commons-httpclient |