Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache httpclient vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2013-4366
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x prior to 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows malicious users to have unspecified impact via vectors involving hostname verification.
Apache Httpclient 4.3
5.3
CVSSv3
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Apache Httpclient
Quarkus Quarkus
Oracle Primavera Unifier 16.2
Oracle Primavera Unifier 16.1
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Primavera Unifier 18.8
Oracle Data Integrator 12.2.1.3.0
Oracle Primavera Unifier
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Primavera Unifier 19.12
Oracle Data Integrator 12.2.1.4.0
Oracle Primavera Unifier 20.12
Oracle Peoplesoft Enterprise Pt Peopletools 8.57
Oracle Nosql Database
Oracle Peoplesoft Enterprise Pt Peopletools 8.59
Oracle Peoplesoft Enterprise Pt Peopletools 8.58
Oracle Retail Customer Management And Segmentation Foundation
Oracle Sql Developer
Oracle Spatial Studio
Oracle Jd Edwards Enterpriseone Tools
Oracle Jd Edwards Enterpriseone Orchestrator
Netapp Snapcenter -
5 Github repositories
NA
CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient prior to 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote malicious users to cause a denial of service (HTTPS call hang) via unspecified vecto...
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Canonical Ubuntu Linux 15.04
Apache Httpclient
5 Github repositories
NA
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient prior to 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle maliciou...
Apache Commons-httpclient
NA
CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert...
Apache Httpclient
Apache Httpasyncclient
4 Github repositories
NA
CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all...
Apache Httpclient 3.1
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
1 Github repository
NA
CVE-2011-1498
Apache HttpClient 4.x prior to 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Apache Httpclient 4.0
Apache Httpclient 4.1
Apache Httpclient 4.0.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started