Количество 5
Количество 5
CVE-2017-14063
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
CVE-2017-14063
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
CVE-2017-14063
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
CVE-2017-14063
Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...
GHSA-93jq-624g-4p9p
Improper Input Validation in async-http-client
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2017-14063 Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | CVSS3: 7.5 | 3% Низкий | больше 8 лет назад |
 | CVE-2017-14063 Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | CVSS3: 5.3 | 3% Низкий | больше 8 лет назад |
 | CVE-2017-14063 Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | CVSS3: 7.5 | 3% Низкий | больше 8 лет назад |
| CVE-2017-14063 Async Http Client (aka async-http-client) before 2.0.35 can be tricked ... | CVSS3: 7.5 | 3% Низкий | больше 8 лет назад |
| GHSA-93jq-624g-4p9p Improper Input Validation in async-http-client | CVSS3: 7.5 | 3% Низкий | больше 7 лет назад |
Уязвимостей на страницу