Lucene search
K

185 matches found

Tenable Nessus
Tenable Nessus
added 3 days ago7 views

FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-40542

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper...

7.3CVSS5.9AI score0.00456EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/28 5:26 p.m.15 views

Improper Authentication

Apache HttpClient is vulnerable to Improper Authentication. The vulnerability is due to a missing verification step in SCRAM-SHA-256 authentication, which allows an attacker to bypass proper mutual authentication checks and be accepted by the client...

7.3CVSS5.3AI score0.00456EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.8 views

SUSE CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 9:31 a.m.5 views

EUVD-2026-24630

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.7AI score0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 9:31 a.m.5 views

GHSA-V468-QCJX-R72W Apache HttpClient accepts SCRAM-SHA-256 authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 8:16 a.m.13 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS0.00456EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/22 8:16 a.m.4 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 8:16 a.m.5 views

UBUNTU-CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 7:7 a.m.6 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

5.7AI score0.00456EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 7:7 a.m.35 views

CVE-2026-40542 Apache HttpClient: SCRAM-SHA-256 mutual authentication bypass may cause the client to accept authentication without proper mutual authentication verification

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

0.00456EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/22 7:7 a.m.7 views

CVE-2026-40542

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper mutual authentication verification. Users are recommended to upgrade to version 5.6.1, which fixes this issue...

7.3CVSS5.3AI score0.00456EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

Apache HttpClient 安全漏洞

Apache HttpClient is a Java-based client program developed by the Apache Foundation for accessing HTTP resources. It is used to interact with network resources via the HTTP protocol. Version 5.6 of Apache HttpClient contained a security vulnerability, which stemmed from the omission of a critical...

7.3CVSS5.8AI score0.00456EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : maven:3.5 (AXSA:2022-3572:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3572:01 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : maven:3.6 (AXSA:2022-3587:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3587:01 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0592

Malware in sbrugna...

4.3CVSS5.9AI score0.19312EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1284

Malware in sbrugna...

5.3CVSS6.8AI score0.08665EPSS
Exploits1References144
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4023

Malicious code in bioql PyPI...

4.3CVSS7.2AI score0.06685EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-12102

Malicious code in bioql PyPI...

7.5CVSS6.8AI score0.00745EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-4812

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.0218EPSS
Exploits0References5
Rows per page
Query Builder