Описание
Hostname verification in Apache HttpClient 4.3 was disabled by default
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Пакеты
org.apache.httpcomponents:httpclient
>= 4.3, < 4.3.1
4.3.1
Связанные уязвимости
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x bef ...
Уязвимость клиентского модуля Apache HttpClient средства Apache HttpComponents (http/impl/client/HttpClientBuilder.java), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации