Vulmon
httpclient vulnerabilities and exploits
5
CVSSv2
CVE-2020-15694
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Nim-lang Nim
4.9
CVSSv2
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Pivotal Reactor Netty
6
CVSSv2
CVE-2017-2589
The hawtio servlet 1.4 uses a single HttpClient instance with a persistent cookie store to proxy requests (cookies are stored locally and are not passed between the client and the end URL), which means all clients using that proxy share the same cookies.
Hawt Hawtio 1.4.0
Redhat Jboss Fuse 6.3
4.3
CVSSv2
CVE-2017-1000396
Jenkins 2.73.1 and previous versions, 2.83 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as...
Jenkins Jenkins
4.3
CVSSv2
CVE-2017-1000397
Jenkins Maven Plugin 2.17 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on ...
Jenkins Maven
4.3
CVSSv2
CVE-2017-1000402
Jenkins Swarm Plugin Client 3.4 and previous versions bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks.
Jenkins Swarm
7.5
CVSSv2
CVE-2013-4366
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x prior to 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows malicious users to have unspecified impact via vectors involving hostname verification.
Apache Httpclient 4.3
4.3
CVSSv2
CVE-2016-7964
The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172...
Dokuwiki Dokuwiki 2016-06-26a
4.3
CVSSv2
CVE-2015-5262
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient prior to 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote malicious users to cause a denial of service (HTTPS call hang) via unspecified vecto...
Fedoraproject Fedora 22
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Fedoraproject Fedora 23
Fedoraproject Fedora 21
Canonical Ubuntu Linux 15.04
Apache Httpclient
5 Github repositories
4.3
CVSSv2
CVE-2012-6153
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient prior to 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle maliciou...
Apache Commons-httpclient