Security Bulletin: A vulnerability found in Apache HttpClient which is shipped with IBM® Intelligent Operations Center (CVE-2020-13956)

Summary A vulnerability found in Apache HttpClient which is shipped with IBM® Intelligent Operations Center. Information about these vulnerabilities affecting IBM® Intelligent Operations Center have been published and addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2020-13956...

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

Security Bulletin: IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-13956

Summary IBM TRIRIGA Application Platform discloses CVE-2020-13956 Vulnerability Details CVEID:CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing...

Oracle Linux 8 : maven:3.5 (ELSA-2022-1861)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1861 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as...

Oracle Linux 8 : maven:3.6 (ELSA-2022-1860)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1860 advisory. - Resolves: CVE-2020-13956 maven Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

GHSA-GW85-4GMF-M7RH Exposure of Sensitive Information to an Unauthorized Actor in Apache HttpClient

Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header...

ai.api.libai.speech:libai-speech-gcp (>=1.4.6 <=1.6.12), ai.grakn:janus-factory (>=0.17.0 <=0.18.0) +4473 more potentially affected by CVE-2011-1498 via org.apache.httpcomponents:httpclient (>=4.0.1 <=4.1-beta1)

org.apache.httpcomponents:httpclient MAVEN version =4.0.1, =1.4.6, =0.17.0, =0.2.3.5, =0.2.3.5, =3.14.0.1, =3.8.2.4, =0.2.3.5, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.10.5.1, =3.10.4.1, =3.10.4.1, =3.20.0.1, =3.32.1.5 and more Source cves: CVE-2011-1498 Source advisory: OSV:GHSA-GW85-4GMF-M7RH...

GHSA-PQWH-44JJ-P5RM Hostname verification in Apache HttpClient 4.3 was disabled by default

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

at.molindo:etcd-client (=0.1), br.com.ingenieux:beanstalk-maven-plugin (=1.4.0) +476 more potentially affected by CVE-2013-4366 via org.apache.httpcomponents:httpclient (>=4.3 <=4.3-beta2)

org.apache.httpcomponents:httpclient MAVEN version =4.3, =1.2.0, =1.3.3, =3.0.0, =3.1.1 - com.amazonaws.resources:aws-resources =0.0.3 - com.amazonaws.resources:aws-resources-core =0.0.3 - com.amazonaws.resources:aws-resources-ec2 =0.0.3 - com.amazonaws.resources:aws-resources-glacier =0.0.3 -...

Hostname verification in Apache HttpClient 4.3 was disabled by default

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

Improper Certificate Validation in Apache Commons HttpClient

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

AlmaLinux 8 : maven:3.5 (ALSA-2022:1861)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1861 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block directl...

AlmaLinux 8 : maven:3.6 (ALSA-2022:1860)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1860 advisory. apache-httpclient: incorrect handling of malformed authority component in request URIs CVE-2020-13956 Tenable has extracted the preceding description block directl...

RHEL 8 : maven:3.5 (RHSA-2022:1861)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1861 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

RHEL 8 : maven:3.6 (RHSA-2022:1860)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1860 advisory. Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build...

Moderate: Red Hat Security Advisory: maven:3.5 security update

An update for the maven:3.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

apache-httpclient: incorrect handling of malformed authority component in request URIs

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...

Moderate: Red Hat Security Advisory: maven:3.6 security and enhancement update

An update for the maven:3.6 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...