Описание
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| httpcomponents-client | not-affected | package |
Примечания
https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
Introduced with: https://github.com/apache/httpcomponents-client/pull/574 (5.4-RC1)
Fixed by: https://github.com/apache/httpcomponents-client/pull/621
Fixed by: https://github.com/apache/httpcomponents-client/commit/c68724713ab8e4a41992d230d41f8dfe0a1a7ba5 (master)
Fixed by: https://github.com/apache/httpcomponents-client/commit/bff9c4772bc0824570d43969ce87886d01766b1c (5.4.3-RC1)
Связанные уязвимости
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Уязвимость механизма PSL validation клиентского модуля Apache HttpClient средства Apache HttpComponents, позволяющая нарушителю осуществить CSRF-атаку