907 matches found
Apache HttpClient disables domain checks
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
GHSA-73M2-QFQ3-56CX Apache HttpClient disables domain checks
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
UBUNTU-CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
CVE-2025-27820 Apache HttpComponents: PSL (Public Suffix List) validation bypass
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release...
CVE-2025-27820
CVE-2025-27820 affects Apache HttpClient 5.4.x, where a PSL validation logic bug disables domain checks, impacting cookie management and hostname verification. Root cause: PSL validation flaw in 5.4.x. Impact: as described, with potential weaknesses in hostname verification and cookie handling; C...
Apache HttpClient security vulnerability
Apache HttpClient is a client program, written in Java by the US-based Apache Foundation, for accessing HTTP resources. The program is used to access network resources using the HTTP protocol. A logic error vulnerability exists in Apache HttpClient versions prior to 5.4.3, which stems from a P...
PT-2025-17726 · Apache +2 · Apache Httpclient +3
Name of the Vulnerable Software and Affected Versions: Apache HttpClient versions 5.4.0 through 5.4.2. Description: A bug in PSL validation logic disables domain checks, affecting cookie management and host name verification. This issue was discovered by the Apache HttpClient team. Recommendations...
Linux Distros Unpatched Vulnerability : CVE-2012-6153
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the...
Linux Distros Unpatched Vulnerability : CVE-2020-13956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.UR...
Astra Linux - vulnerability in symfony
symfony/http-client is a module for the Symfony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. When using the NoPrivateNetworkHttpClient, some internal information is still leaking during host resolution, which leads to possible IP/port...
Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.
Summary: IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass (CVE-2012-5783). Vulnerability Details: CVEID: CVE-2012-5783. DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and oth...
Security Bulletin: Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed (CVE-2020-13956).
Summary: Due to the use of Apache HttpClient, IBM EntireX is vulnerable to security restrictions being bypassed (CVE-2020-13956). Apache HttpClient has been removed from IBM EntireX in order to address the vulnerability. Vulnerability Details: CVEID: CVE-2020-13956. DESCRIPTION: Apache HttpClient could...
SUSE-SU-2024:3963-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.13+11 (October 2024 CPU). Security fixes: JDK-8307383: Enhance DTLS connections; JDK-8290367, JDK-8332643: Update default value and extend the scope of com.sun.jndi.ldap.object.trustSerialData system...
CVE-2024-51987
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...
CVE-2024-51987 HTTP Client uses incorrect token after refresh in Duende.AccessTokenManagement.OpenIdConnect
Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by AddUserAccessTokenHttpClient may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captur...