907 matches found
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Kong Gateway Admin API Remote Code Execution Exploit
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin...
Fuel CMS 1.4 Remote Code Execution
!/usr/bin/env ruby Title: Fuel CMS 1.4 - Remote Code Execution Exploit Author: Alexandre ZANNI Date: 2020-11-14 Vendor Homepage: https://www.getfuelcms.com/ Software Link: https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 Version: FILE -h | --help Options: Root URL base path including...
Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient (CVE-2020-13956)
Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By...
openSUSE: Security Advisory for apache-commons-httpclient (openSUSE-SU-2020:1875-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1875)
This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
openSUSE Security Update : apache-commons-httpclient (openSUSE-2020-1873)
This update for apache-commons-httpclient fixes the following issues : - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
OPENSUSE-SU-2020:1875-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
openSUSE: Security Advisory for apache-commons-httpclient (openSUSE-SU-2020:1873-1)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for apache-commons-httpclient (important)
openSUSE Security Update: Security update for apache-commons-httpclient Announcement ID: openSUSE-SU-2020:1875-1 Rating: important References: 1178171 945190 Cross-References: CVE-2014-3577 CVE-2015-5262 Affected Products: openSUSE Leap 15.2 An update that fixes two vulnerabilities is now...
Security update for apache-commons-httpclient (important)
openSUSE Security Update: Security update for apache-commons-httpclient Announcement ID: openSUSE-SU-2020:1873-1 Rating: important References: 1178171 945190 Cross-References: CVE-2014-3577 CVE-2015-5262 Affected Products: openSUSE Leap 15.1 An update that fixes two vulnerabilities is now...
SUSE-SU-2020:3152-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
SUSE-SU-2020:3151-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
SUSE-SU-2020:3149-1 Security update for apache-commons-httpclient
This update for apache-commons-httpclient fixes the following issues: - http/conn/ssl/SSLConnectionSocketFactory.java ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
IBM WebSphere Application Server 7.0.0.x <= 7.0.0.45 / 8.0.0.x <= 8.0.0.15 / 8.5.x < 8.5.5.14 / 9.0.x < 9.0.0.8 Information Disclosure (CVE-2012-5783)
The IBM WebSphere Application Server running on the remote host is version 7.0.0.x through 7.0.0.45, 8.0.0.x through 8.0.0.15, 8.5.0.x prior to 8.5.5.14 or 9.0.x prior to 9.0.0.8. It is, therefore, affected by an information disclosure vulnerability in the Apache Commons HttpClient subcomponent d...
DSA-4772-1 httpcomponents-client - security update
Bulletin has no description...
Validation Bypass
httpclient is vulnerable to validation bypass. A malformed authority component in a request URI that is passed to the library as a java.net.URI object results in the request being executed against the wrong target host...
Apache HttpClient Information Disclosure Vulnerability
HttpClient is a client program written in Java for accessing HTTP resources, from the Apache Software Foundation in the United States. The program is used to access network resources using the HTTP protocol. Apache HttpClient suffers from an information disclosure vulnerability that arises from errors such...
PT-2020-6898 · Apache +8 · Apache Httpclient +8
Name of the Vulnerable Software and Affected Versions: Apache HttpClient versions prior to 4.5.13 and 5.0.3 Description: The issue is related to the insufficient validation of input data in Apache HttpClient, which can lead to misinterpretation of malformed authority components in request URIs...
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...