Published: 02/12/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache httpclient
quarkus quarkus
oracle primavera unifier 16.2
oracle primavera unifier 16.1
oracle peoplesoft enterprise peopletools 8.57
oracle primavera unifier 18.8
oracle data integrator 12.2.1.3.0
oracle primavera unifier
oracle peoplesoft enterprise peopletools 8.58
oracle primavera unifier 19.12
oracle data integrator 12.2.1.4.0
oracle primavera unifier 20.12
oracle peoplesoft enterprise pt peopletools 8.57
oracle nosql database
oracle peoplesoft enterprise pt peopletools 8.59
oracle peoplesoft enterprise pt peopletools 8.58
oracle retail customer management and segmentation foundation
oracle sql developer
oracle spatial studio
oracle jd edwards enterpriseone tools
oracle jd edwards enterpriseone orchestrator
netapp snapcenter -
netapp active iq unified manager -
oracle weblogic server 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
oracle commerce guided search 11.3.2
oracle communications cloud native core service communication proxy 1.14.0

Priyank Nigam discovered that HttpComponents Client, a Java HTTP agent implementation, could misinterpret malformed authority component in a request URI and pick the wrong target host for request execution For the stable distribution (buster), this problem has been fixed in version 457-1+deb10u1 We recommend that you upgrade your httpcomponents ...

Apache HttpClient versions prior to version 4513 and 503 can misinterpret malformed authority component in request URIs passed to the library as javanetURI object and pick the wrong target host for request execution (CVE-2020-13956) ...

Synopsis Moderate: Red Hat build of Quarkus 176 release and security update Type/Severity Security Advisory: Moderate Topic An update is now available for Red Hat build of QuarkusRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 735 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 735 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73Red Hat Product Security has rated this update as having a security impact of Important A ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 735 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a ...

Synopsis Critical: Red Hat Fuse 712 release and security update Type/Severity Security Advisory: Critical Topic A minor version update (from 711 to 712) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update as h ...

Synopsis Moderate: maven:36 security and enhancement update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the maven:36 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has r ...

Synopsis Moderate: rh-maven36-httpcomponents-client security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for rh-maven36-httpcomponents-client is now available for Red Hat Software CollectionsRed Hat P ...

Synopsis Important: Red Hat JBoss Enterprise Application Platform 735 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 73 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a ...

Synopsis Moderate: maven:35 security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for the maven:35 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update ...

Synopsis Important: Red Hat Decision Manager 7100 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Decision ManagerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) b ...

Synopsis Important: Red Hat Single Sign-On 745 security update Type/Severity Security Advisory: Important Topic A security update is now available for Red Hat Single Sign-On 74 from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulne ...

Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2020-8908, CVE-2020-13956, CVE-2020-25649, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696 Affected products and versions are listed below Please upgrade your version to the appropriate version ...

oss-sec mailing list archives   By Date By Thread </form>    [CVE-2020-13956] Apache HttpClient incorrect handling of malformed URI authority component  <!--X-H ...

Monitoring service for Unix (AIX, Linux, HP-UX, MacOS, Solaris) systems

New Relic Unix Monitor System-Level Monitoring for AIX, HP-UX, Linux, OSX/MacOS & Solaris/SunOS TL;DR - where's the download link? Here If you are just deploying and not compiling it, please download the release instead of cloning the repo Table Of Contents Disclaimer Contributing Requirements Operating Systems with available configurations Installation Over

The data set underlying the State of Dependency Management report 2022

State of Dependency Management 2022 This repository contains the data set on the basis of which the statistics and charts in Endor Labs' 2022 State of Dependency Management report have been created Starting point are the packages mentioned in Appendices A-H of Census II Kudos to The Linux Foundation and Harvard’s Lab for Innovation Science for having collected, pro

Java SDK for CyberSource Simple Order API

CyberSource Simple Order API for Java Package Managers Maven To install the cybersource-sdk-java from central repository, add dependency to your application pomxml as below <dependency> <groupId>comcybersource</groupId> <artifactId>cybersource-sdk-java</artifactId> <version>6213&

Lutung - A Java Mandrill API Connector

Lutung - Java Mandrill API NOTE: This project is a fork since the original project no longer maintained Lutung - a Java interface to the Mandrill API Check out Mandrill's API [Documentation] (mandrillappcom/api/docs/) to see all the possible magic Features: all public API calls are implemented easy library set up; just provide your api key that you got from M

Get Started

CVE-2020-13956

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect