Lucene search

182 matches found

Vulnrichment
added 2025/04/24 11:44 a.m. · 9 views

CVE-2025-27820 Apache HttpComponents: PSL (Public Suffix List) validation bypass

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

AI score 6.9 · EPSS 0.00071
Exploits 0 · References 4

Debian CVE
added 2025/04/24 11:44 a.m. · 7 views

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...

CVSS 7.5 · AI score 7 · EPSS 0.00071
Exploits 0

CVE
added 2025/04/24 11:44 a.m. · 305 views

CVE-2025-27820

CVE-2025-27820 affects Apache HttpClient 5.4.x, where a PSL validation logic bug disables domain checks, impacting cookie management and hostname verification. Root cause: PSL validation flaw in 5.4.x. Impact: as described, with potential weaknesses in hostname verification and cookie handling; C...

CVSS 7.5 · AI score 6.9 · EPSS 0.00071
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2025/04/24 12:0 a.m. · 1 views

Apache HttpClient Security Vulnerability

Apache HttpClient is a client program written in Java, from the Apache Foundation (United States), for accessing HTTP resources. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...

CVSS 7.5 · AI score 6.7 · EPSS 0.00071
Exploits 0 · References 4

Positive Technologies
added 2025/03/06 12:0 a.m. · 3 views

PT-2025-17726 · Apache +2 · Apache Httpclient +3

Name of the Vulnerable Software and Affected Versions: Apache HttpClient versions 5.4.0 through 5.4.2 Description: A bug in PSL validation logic disables domain checks, affecting cookie management and host name verification. This issue was discovered by the Apache HttpClient team. Recommendations...

CVSS 7.8 · AI score 6.5 · EPSS 0.04666
Exploits 3 · References 39

Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2020-13956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.UR...

CVSS 5.3 · AI score 6.6 · EPSS 0.00505
Exploits 1 · References 2

IBM Security Bulletins
added 2024/12/19 10:55 a.m. · 26 views

Security Bulletin: Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed (CVE-2020-13956).

Summary Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed CVE-2020-13956. Apache HttpClient has been removed from IBM EntireX in order to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could...

CVSS 5.3 · AI score 6.8 · EPSS 0.00505
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2024/10/11 6:35 a.m. · 11 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to Apache HttpClient Vulnerability

Summary IBM Sterling Connect:Direct Web Services uses Apache HttpClient, which could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. This bulletin identifies the steps to take to address the vulnerabilities...

CVSS 5.3 · AI score 7 · EPSS 0.00505
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2024/09/25 7:4 p.m. · 28 views

Security Bulletin: Vulnerabilities in Logback, Guava and Apache HTTPClient affect IBM watsonx.data

Summary Logback, Guava and Apache HTTPClient have vulnerabilities that can affect watsonx.data. These vulnerabilities include remote attacks to bypass security restrictions and remote authenticated attacker to execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2021-42550...

CVSS 8.5 · AI score 8.2 · EPSS 0.02729
Exploits 3 · Affected Software 1

IBM Security Bulletins
added 2024/08/22 10:51 a.m. · 45 views

Security Bulletin: Multiple Vulnerabilities in IBM Application Performance Management

Summary Multiple vulnerabilities were addressed in IBM Application Performance Management 8.1.4.0 IF16 patch Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption...

CVSS 7.5 · AI score 10 · EPSS 0.04395
Exploits 2 · Affected Software 1

IBM Security Bulletins
added 2024/07/12 9:47 a.m. · 33 views

Security Bulletin: IBM QRadar SIEM protocols are vulnerable to Security Restriction Bypass (CVE-2020-13956)

Summary Apache HttpClient is vulnerable to Security Restriction Bypass. Attackers can potentially break security and potentially steal sensitive information. This has been addressed with an update. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote...

CVSS 5.3 · AI score 6.5 · EPSS 0.00505
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2024/04/19 7:11 a.m. · 39 views

Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology

Summary The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 and The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 contain fixes for what was identified as a vulnerability during OSS scan. These versions contain upgraded version of guava-28.0-jre.jar CVE-2020-8908, httpclient-4.0.jar...

CVSS 9.8 · AI score 9.1 · EPSS 0.92544
Exploits 10 · Affected Software 1

IBM Security Bulletins
added 2024/04/17 6:45 a.m. · 35 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 269. Vulnerability Details CVEID:CVE-2024-20918 DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause...

CVSS 7.5 · AI score 9.2 · EPSS 0.01859
Exploits 4 · Affected Software 1

Tenable Nessus
added 2023/11/06 12:0 a.m. · 24 views

Rocky Linux 8 : maven:3.6 (RLSA-2022:1860)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1860 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.U...

CVSS 5.3 · AI score 6.7 · EPSS 0.00505
Exploits 1 · References 4

Tenable Nessus
added 2023/11/06 12:0 a.m. · 24 views

Rocky Linux 8 : maven:3.5 (RLSA-2022:1861)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1861 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.U...

CVSS 5.3 · AI score 6.7 · EPSS 0.00505
Exploits 1 · References 3

IBM Security Bulletins
added 2023/10/24 7:1 p.m. · 92 views

Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-34981 DESCRIPTION: Apache Tomcat could allow a remote attacker to obtain...

CVSS 9.8 · AI score 9.9 · EPSS 0.64352
Exploits 20 · Affected Software 1

IBM Security Bulletins
added 2023/10/20 5:7 p.m. · 56 views

Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

Summary IBM Cognos Dashboards on Cloud Pak for Data 4.7.3 resolves vulnerabilities reported in the Node.js February 2023 CVE-2023-23918, CVE-2023-23920, CVE-2023-24807, CVE-2023-23936, CVE-2023-23919 and June 2023 CVE-2023-30588, CVE-2023-30589 Security Releases as well as vulnerabilities in Pyth...

CVSS 7.5 · AI score 8.4 · EPSS 0.01916
Exploits 6 · Affected Software 1

IBM Security Bulletins
added 2023/10/16 1:48 p.m. · 33 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in 220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

CVSS 5.3 · AI score 6.2 · EPSS 0.00505
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/10/04 10:31 a.m. · 54 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected IBM Jazz Reporting Service

Summary IBM Jazz Reporting Service is vulnerable to Apache HttpClient vulnerabilities described in 220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker t...

CVSS 5.3 · AI score 6.2 · EPSS 0.00505
Exploits 1 · Affected Software 1

IBM Security Bulletins
added 2023/10/04 8:17 a.m. · 42 views

Security Bulletin: Multiple Vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons affect IBM Engineering Lifecycle Optimization - Publishing

Summary There are multiple vulnerabilities in Apache HttpClient, HttpComponents and HttpCommons libraries. This has been addressed. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured connection...

CVSS 5.3 · AI score 6.6 · EPSS 0.01199
Exploits 1 · Affected Software 1