Описание
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.5.3-1 |
| devel | not-affected | |
| esm-apps/xenial | not-affected | 4.5.1-1 |
| esm-infra-legacy/trusty | not-affected | 4.3.3-1 |
| precise/esm | DNE | |
| trusty | not-affected | 4.3.3-1 |
| trusty/esm | not-affected | 4.3.3-1 |
| upstream | released | 4.3.2-1 |
| xenial | not-affected | 4.5.1-1 |
| zesty | not-affected | 4.5.2-2 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x bef ...
Hostname verification in Apache HttpClient 4.3 was disabled by default
Уязвимость клиентского модуля Apache HttpClient средства Apache HttpComponents (http/impl/client/HttpClientBuilder.java), позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
7.5 High
CVSS2
9.8 Critical
CVSS3