Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

[CVE-2020-13956] Apache HttpClient incorrect handling of malformed URI authority component

Related Vulnerabilities: CVE-2020-13956  
Source 
                CVE-2020-13956: Apache HttpClient incorrect handling of malformed
authority component in request URIs

Severity: Medium

Vendor:
The Apache Software Foundation

Versions Affected:
Apache HttpClient 4.5.12 and prior 
Apache HttpClient 5.0.2 and prior

Description:

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
misinterpret malformed authority component in request URIs passed to
the library as java.net.URI object and pick the wrong target host for
request execution.  

Mitigation:

As of release 4.5.13 and 5.0.3 HttpClient will reject URIs with
ambiguous malformed authority component as invalid. Users of HttpClient
are advised to upgrade to version 4.5.13 or 5.0.3 and sanitize request
URIs when using java.net.URI as input.

Credit:
This issue was discovered and reported by Priyank Nigam

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook
Vulmon Logo
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started