Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Remediation

References

CVE-2020-13956

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2021-23131)

WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.18)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)

WordPress Plugin Coming Soon & Maintenance Mode Page Cross-Site Request Forgery (1.57)

WordPress Plugin Paytium:Mollie payment forms & donations Cross-Site Scripting (3.1.1)

Severity

Medium

Classification

CVE-2020-13956 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities