Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
httpclient vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-1498
Apache HttpClient 4.x prior to 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
Apache Httpclient 4.0
Apache Httpclient 4.1
Apache Httpclient 4.0.1
9.8
CVSSv3
CVE-2013-4366
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x prior to 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows malicious users to have unspecified impact via vectors involving hostname verification.
Apache Httpclient 4.3
NA
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient prior to 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle maliciou...
Apache Commons-httpclient
8.8
CVSSv3
CVE-2022-41249
A cross-site request forgery (CSRF) vulnerability in Jenkins SCM HttpClient Plugin 1.5 and previous versions allows malicious users to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Jenkins Scm Httpclient
6.5
CVSSv3
CVE-2022-41250
A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stor...
Jenkins Scm Httpclient
NA
CVE-2014-3577
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient prior to 4.3.5 and HttpAsyncClient prior to 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 cert...
Apache Httpclient
Apache Httpasyncclient
4 Github repositories
8.8
CVSSv3
CVE-2020-15094
In Symfony prior to 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. HttpCache uses internal headers like X-Body-Eval and X-Body-File to control the restoration of cached responses. The class was...
Sensiolabs Httpclient
Sensiolabs Symfony
Fedoraproject Fedora 32
Fedoraproject Fedora 33
NA
CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which all...
Apache Httpclient 3.1
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
1 Github repository
NA
CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient prior to 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote malicious users to cause a denial of service (HTTPS call hang) via unspecified vecto...
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Canonical Ubuntu Linux 15.04
Apache Httpclient
5 Github repositories
7.5
CVSSv3
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Nim-lang Nim
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »