182 matches found

OSV
added 2020/12/02 5:15 p.m. · 16 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5.3 · AI score 6.9 · EPSS 0.00505
Exploits: 1 · References: 64
Prion
added 2020/12/02 5:15 p.m. · 20 views

Cross site request forgery (csrf)

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5 · AI score 6.1 · EPSS 0.00505
Exploits: 1 · References: 63 · Affected Software: 15
OSV
added 2020/12/02 5:15 p.m. · 1 views

UBUNTU-CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5.3 · AI score 6.8 · EPSS 0.00505
Exploits: 1 · References: 4
UbuntuCve
added 2020/12/02 5:15 p.m. · 67 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5.3 · AI score 6.8 · EPSS 0.00505
Exploits: 1 · References: 3
CVE
added 2020/12/02 4:20 p.m. · 871 views

CVE-2020-13956

CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...

CVSS 5.3 · AI score 5.9 · EPSS 0.00505
Exploits: 1 · References: 64 · Affected Software: 1
Cvelist
added 2020/12/02 4:20 p.m. · 28 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

AI score 6 · EPSS 0.00505
Exploits: 1 · References: 63
IBM Security Bulletins
added 2020/11/09 7:26 p.m. · 36 views

Security Bulletin: IBM Content Navigator is affected by a vulnerability in Apache HttpClient (CVE-2020-13956)

Summary IBM Content Navigator has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By...

CVSS 5.3 · AI score 1.4 · EPSS 0.00505
Exploits: 1 · Affected Software: 1
CNVD
added 2020/10/11 12:0 a.m. · 9 views

Apache HttpClient Information Disclosure Vulnerability

HttpClient is a client program written in Java, from the Apache Software Foundation (United States), for accessing HTTP resources. The program is used to access network resources using the HTTP protocol. Apache HttpClient suffers from an information disclosure vulnerability that arises from errors such...

CVSS 5.3 · AI score 6.1 · EPSS 0.00505
Exploits: 1 · References: 1
Positive Technologies
added 2020/10/10 12:0 a.m. · 3 views

PT-2020-6898 · Apache +8 · Apache Httpclient +8

Name of the Vulnerable Software and Affected Versions: Apache HttpClient versions prior to 4.5.13 and 5.0.3 Description: The issue is related to the insufficient validation of input data in Apache HttpClient, which can lead to misinterpretation of malformed authority components in request URIs...

CVSS 9.1 · AI score 7.3 · EPSS 0.46101
Exploits: 2 · References: 196
RedhatCVE
added 2020/10/08 8:22 p.m. · 73 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

CVSS 5.3 · AI score 2.4 · EPSS 0.00505
Exploits: 1 · References: 4
IBM Security Bulletins
added 2020/05/06 12:2 p.m. · 24 views

Security Bulletin: Vulnerability from Apache HttpClient affects IBM Cloud Pak System (CVE-2012-5783)

Summary Vulnerability has been identified in Apache Commons HttpClient shipped with IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote...

CVSS 5.8 · AI score 0.9 · EPSS 0.00616
Exploits: 0 · Affected Software: 1
IBM Security Bulletins
added 2020/02/05 12:53 a.m. · 45 views

Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577)

Summary IBM Global Mailbox is vulnerable to denial of service attacks and spoofing attacks due to the vulnerabilities in Apache httpClient Vulnerability Details CVEID: CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured...

CVSS 5.8 · AI score 1.3 · EPSS 0.01368
Exploits: 1 · Affected Software: 1
IBM Security Bulletins
added 2019/01/16 8:5 p.m. · 61 views

Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability

Summary Security vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname...

CVSS 5.8 · AI score 0.5 · EPSS 0.00616
Exploits: 0 · Affected Software: 1
Veracode
added 2019/01/15 9:0 a.m. · 49 views

Improper Certificate Common Name Verification Allows Spoofing SSL Servers

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 · AI score 6.1 · EPSS 0.01368
Exploits: 1 · References: 58 · Affected Software: 36
OSV
added 2018/10/17 12:5 a.m. · 1 views

GHSA-2X83-R56G-CV47 Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

CVSS 4.3 · AI score 6.6 · EPSS 0.01248
Exploits: 0 · References: 24
vulnersOsv
added 2018/10/17 12:5 a.m. · 1 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +9387 more potentially affected by CVE-2012-6153 via org.apache.httpcomponents:httpclient (>=4.0 <=4.2.2)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.17.0, =0.2.3.5, =0.2.3.5, =3.14.0.1, =3.8.2.4, =3.18.0.9 and more Source cves: CVE-2012-6153 Source advisory: OSV:GHSA-2X83-R56G-CV47...

CVSS 4.3 · AI score 6.4 · EPSS 0.01248
Exploits: 0
Github Security Blog
added 2018/10/17 12:5 a.m. · 56 views

Improper certificate validation in org.apache.httpcomponents:httpclient

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...

CVSS 4.3 · AI score 6.1 · EPSS 0.01248
Exploits: 0 · References: 24 · Affected Software: 1
vulnersOsv
added 2018/10/17 12:5 a.m. · 1 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), agorapulse.plugins.asset-pipeline-cdn:agorapulse.plugins.asset-pipeline-cdn.gradle.plugin (>=0.1 <=0.1.3) +15751 more potentially affected by CVE-2014-3577 via org.apache.httpcomponents:httpclient (>=4.0 <=4.3.4)

org.apache.httpcomponents:httpclient MAVEN version =4.0, =1.0.1, =0.1, =1.4.6, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =0.25, =0.25, =0.13.0, =0.13.0, =0.13.0, =0.12.0, =0.13.0, =0.12.0, =0.16.0 and more Source cves: CVE-2014-3577 Source advisory: OSV:GHSA-CFH5-3GHH-WFJX...

CVSS 5.8 · AI score 6.7 · EPSS 0.01368
Exploits: 1
OSV
added 2018/10/17 12:5 a.m. · 0 views

GHSA-CFH5-3GHH-WFJX Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

CVSS 5.8 · AI score 6.8 · EPSS 0.01368
Exploits: 1 · References: 44
CNVD
added 2017/11/03 12:0 a.m. · 2 views

Unspecified Vulnerability in Apache HttpClient

Apache HttpClient is a client programming toolkit from the Apache Software Foundation (United States) that provides efficient support for the HTTP protocol. A security vulnerability exists in the http/impl/client/HttpClientBuilder.java file in version 4.3.x of Apache HttpClient prior to 4.3.1...

CVSS 9.8 · AI score 6.9 · EPSS 0.0129
Exploits: 0 · References: 1