Security Bulletin:IBM TRIRIGA Application Platform discloses Apache HttpClient vulnerability (CVE-2020-13956)

Summary Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security...

Security Bulletin: IBM Sterling Global Mailbox is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)

Summary Vulnerability in Apache HttpClient library shipped with IBM Sterling Global Mailbox has been addressed. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed...

Security Bulletin: Vulnerabilities in httpclient library affects IBM Engineering Test Management (ETM) (CVE-2020-13956)

Summary This Security Vulnerablity has been addressed in IBM Engineering Test Management. A fix is available to address the vulnerability. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the imprope...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

Critical: Red Hat Security Advisory: Red Hat Fuse 7.12 release and security update

A minor version update from 7.11 to 7.12 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient have affected APM Linux KVM Agent

Summary APM Linux KVM Agent is vulnerable to Apache HttpClient vulnerabilities described in220912, CVE-2020-13956. The fix includes httpclient-4.5.jar upgraded to httpclient-4.5.13.jar Vulnerability Details CVEID:CVE-2012-6153 DESCRIPTION: Apache HttpComponents could allow a remote attacker to...

Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerabilities in Apache HttpClient

Summary Apache HttpClient used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2011-1498, CVE-2012-5783, CVE-2012-6153, CVE-2014-3577,CVE-2015-5262 Vulnerability Details CVEID:CVE-2011-1498 DESCRIPTION: Apache HttpComponents could allow a remote attacker to obtain...

Amazon Linux 2 : httpcomponents-client (ALAS-2023-1946)

The version of httpcomponents-client installed on the remote host is prior to 4.2.5-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1946 advisory. Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in reques...

Medium: httpcomponents-client

Issue Overview: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. CVE-2020-13956 Affected Packages: httpcomponents-client...

Security Bulletin: IBM B2B Advanced Communications is vulnerable to multiple issues due to Apache HttpClient

Summary IBM B2B Advanced Communications has addressed vulnerabilities in Apache HttpClient shipped with product. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed...

Security Bulletin: Multiple vulnerabilities found with third-party libraries used by IBM® MobileFirst Platform

Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatch is vulnerable to a denial of service, caused by a regular expression denial of servi...

SUSE CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

Security Bulletin: Multiple Vulnerabilities in Java packages affect IBM Voice Gateway

Summary Security Vulnerabilities in Java packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2010-2245 DESCRIPTION: Apache Wink could allow a remote attacker to obtain sensitive information, caused by an XML external entity XXE error when...

Security Bulletin: A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Summary A Vulnerability In Apache HttpClient Affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data. Please see below for details and a remediation/fix for this issue. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypas...

Security Bulletin: IBM Stering B2B Integrator is vulnerable to security bypass due to Apache HttpClient (CVE-2020-13956)

Summary IBM Sterling B2B Integrator has addressed the security vulnerability in Apache HttpClient. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority...

Security Bulletin: Potential Vulnerability in Apache HttpClient used by Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2020-13956)

Summary There is a potential vulnerability in Apache HttpClient that could allow remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling...

Security Bulletin: A vulnerability in Apache HttpClient affects IBM Tivoli Business Service Manager (CVE-2020-13956)

Summary Apache HttpClient is shipped with IBM Tivoli Business Manager 6.2.0 as part of is web service infrastructure. Information about security vulnerabilities affecting Apache HttpClient has been published in a security bulletin. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache...

Security Bulletin: A security vulnerability has been identified in Apache HttpClient shipped with IBM Tivoli Netcool Impact (CVE-2020-13956)

Summary Apache HttpClient is shipped with IBM Tivoli Netcool Impact to handle HTTP communications. . Information about a security vulnerability affecting Apache HttpClient has been published in a security bulletin. Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could...