Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Remediation

References

CVE-2020-13956

Related Vulnerabilities

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8669)

WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0)

WordPress Plugin UltimateWoo-The Ultimate WooCommerce with Unlimited Usage PHP Object Injection (0.1.10)

Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)

Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)

Severity

Medium

Classification

CVE-2020-13956 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities