11 matches found
CVE-2026-40542
A flaw was found in Apache HttpClient. This vulnerability allows a remote attacker to bypass a critical step in the SCRAM-SHA-256 authentication process. By exploiting this, an attacker can trick the client into accepting authentication without proper mutual verification, potentially compromising...
org.apache.httpcomponents.client5:httpclient5-cache (=5.6-alpha1), org.apache.httpcomponents.client5:httpclient5-fluent (=5.6-alpha1) +2 more potentially affected by CVE-2026-40542 via org.apache.httpcomponents.client5:httpclient5 (=5.6-alpha1)
org.apache.httpcomponents.client5:httpclient5 MAVEN version =5.6-alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.httpcomponents.client5:httpclient5 and may be impacted: - org.apache.httpcomponents.client5:httpclient5-cache =5.6-alpha1...
Linux Distros Unpatched Vulnerability : CVE-2025-27820
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apach...
SUSE CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service HTTPS call hang via unspecified vectors...
SUSE CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 1.7.6 release and security update
An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...
DEBIAN-CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
MGASA-2015-0392 Updated jakarta-commons-httpclient and httpcomponents-client packages fixes security vulnerability
The Apache httpclient library had a bug where the socket timeout was ignored during the SSL handshake, causing threads in an application to hang CVE-2015-5262...
jakarta-commons-httpclient: missing connection hostname check against X.509 certificate name
It was found that Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...