exploitDog

CVE-2020-13956

Опубликовано: 02 дек. 2020

Источник: debian

Описание

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
httpcomponents-client	fixed	4.5.13-1		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=1886587
Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)

Связанные уязвимости

CVE-2020-13956

CVSS3: 5.3

ubuntu

около 5 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

CVE-2020-13956

CVSS3: 5.3

redhat

больше 5 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

CVE-2020-13956

CVSS3: 5.3

nvd

около 5 лет назад

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

SUSE-SU-2024:4036-1

suse-cvrf

около 1 года назад

Security update for httpcomponents-client, httpcomponents-core

RLSA-2022:1861

rocky

больше 3 лет назад

Moderate: maven:3.5 security update