Httpclient@* Security Vulnerabilities and Issues — Httpclient@* CVE List

Lucene search

ApacheHttpclient*

4 matches found

CVE•added 2020/12/02 5:15 p.m.•757 views

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

5.3CVSS5.9AI score0.00519EPSS

CVE•added 2014/08/21 2:55 p.m.•269 views

CVE-2014-3577

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in...

5.8CVSS6.5AI score0.01367EPSS

CVE•added 2025/04/24 12:15 p.m.•216 views

CVE-2025-27820

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

7.5CVSS6.9AI score0.00038EPSS

CVE•added 2015/10/27 4:59 p.m.•210 views

CVE-2015-5262

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.

4.3CVSS5.2AI score0.00949EPSS