7 matches found
Rocky Linux 8 : maven:3.5 (RLSA-2022:1861)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1861 advisory. - Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.U...
Security Bulletin: A security vulnerability has been identified in Apache HttpClient shipped with IBM Tivoli Netcool Impact (CVE-2020-13956)
Summary: Apache HttpClient is shipped with IBM Tivoli Netcool Impact to handle HTTP communications. Information about a security vulnerability affecting Apache HttpClient has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could...
Cross-site scripting in Apache HttpClient
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
apache-httpclient: incorrect handling of malformed authority component in request URIs
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution...
CVE-2020-13956
CVE-2020-13956 affects Apache HttpClient prior to 4.5.13 and 5.0.3. A malformed authority component in request URIs, when passed as a java.net.URI, can cause the client to misinterpret the target host and execute the request against an unintended host. This represents a misrouting vulnerability i...
Design/Logic Flaw
Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...