CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
References
Link Resource
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt Issue Tracking Release Notes Vendor Advisory
http://svn.apache.org/r1528614 Issue Tracking Release Notes Patch Vendor Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*

Information

Published : 2017-10-30 12:29

Updated : 2020-07-28 06:44


NVD link : CVE-2013-4366

Mitre link : CVE-2013-4366


JSON object : View

CWE
CWE-20

Improper Input Validation

Advertisement

dedicated server usa

Products Affected

apache

  • httpclient