OPENSUSE-SU-2020:1875-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 08 Nov 2020, 05:26
Last modified: 04 Feb 2026, 03:29

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

08 Nov 2020, 05:26: Published (vulnerability first disclosed)
04 Feb 2026, 03:29: Last Modified (vulnerability information updated)

Description

Security update for apache-commons-httpclient

This update for apache-commons-httpclient fixes the following issues:

- http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors. [bsc#945190, CVE-2015-5262]
- org.apache.http.conn.ssl.AbstractVerifier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows MITM attackers to spoof SSL servers via a 'CN=' string in a field in the distinguished name (DN) of a certificate. [bsc#1178171, CVE-2014-3577]

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Affected Systems

  • opensuse / apache-commons-httpclient (distro: openSUSE Leap 15.2), versions < 3.1-lp152.6.3.1
