Описание
Apache HttpClient disables domain checks
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-27820
- https://github.com/apache/httpcomponents-client/pull/574
- https://github.com/apache/httpcomponents-client/pull/621
- https://hc.apache.org/httpcomponents-client-5.4.x/index.html
- https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
- https://security.netapp.com/advisory/ntap-20250516-0003
Пакеты
org.apache.httpcomponents.client5:httpclient5
>= 5.4-alpha1, < 5.4.3
5.4.3
Связанные уязвимости
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
A bug in PSL validation logic in Apache HttpClient 5.4.x disables doma ...
Уязвимость механизма PSL validation клиентского модуля Apache HttpClient средства Apache HttpComponents, позволяющая нарушителю осуществить CSRF-атаку