CVE-2020-13956

CVE-2020-13956

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Published Oct 14, 2020

Red Hat · Bugzilla #1886587 openwall.com

CVSS ScoreMedium

5.3

Vulnerabilities

CVE-2020-13956

Published Oct 14, 2020

Red Hat · Bugzilla #1886587 openwall.com

CVSS ScoreMedium

5.3

CVE-2020-13956 Security Details

CVE ID: CVE-2020-13956
CWE: NVD-CWE-noinfo
CVE Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Published: Oct 14, 2020
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.505%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/apache/hc/client5/http/utils/URIUtils.extractHost(Ljava/net/URI;)Lorg/apache/hc/core5/http/HttpHost;
JVMVulnerable params: 0
org/apache/http/client/utils/URIUtils.extractHost(Ljava/net/URI;)Lorg/apache/http/HttpHost;
JVMVulnerable params: 0
org/apache/http/impl/client/AbstractHttpClient.determineTarget(Lorg/apache/http/client/methods/HttpUriRequest;)Lorg/apache/http/HttpHost;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Bugzilla #1886587THIRD_PARTY
openwall.comTHIRD_PARTY

CVE-2020-13956 Security Details

CVE ID: CVE-2020-13956
CWE: NVD-CWE-noinfo
CVE Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Published: Oct 14, 2020
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score: 0.505%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/apache/hc/client5/http/utils/URIUtils.extractHost(Ljava/net/URI;)Lorg/apache/hc/core5/http/HttpHost;
JVMVulnerable params: 0
org/apache/http/client/utils/URIUtils.extractHost(Ljava/net/URI;)Lorg/apache/http/HttpHost;
JVMVulnerable params: 0
org/apache/http/impl/client/AbstractHttpClient.determineTarget(Lorg/apache/http/client/methods/HttpUriRequest;)Lorg/apache/http/HttpHost;
JVMVulnerable params: 0
Affected Ecosystems: affected
Source: National Vulnerability Database
References: Red Hat · Bugzilla #1886587THIRD_PARTY
openwall.comTHIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2020-13956

CVE-2020-13956 Security Details

CVE-2020-13956 Security Details