Описание
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| httpcomponents-client | fixed | 4.3.2-1 | package | |
| httpcomponents-client | not-affected | wheezy | package |
Примечания
http://svn.apache.org/r1528614
EPSS
Связанные уязвимости
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Hostname verification in Apache HttpClient 4.3 was disabled by default
Уязвимость клиентского модуля Apache HttpClient средства Apache HttpComponents (http/impl/client/HttpClientBuilder.java), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS