CRITICAL🇬🇧 English

CVE-2013-4366

CVSS 9.8v3.1pub. 2017-10-30upd. 2026-05-13

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Httpclient

    APP
    Apache
    4.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-40542HIGH7.3ten sam produkt

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to acc...

CVE-2025-27820HIGH7.5ten sam produkt

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management a...

CVE-2020-13956MEDIUM5.3ten sam produkt

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in...

CVE-2015-5262MEDIUM4.3ten sam produkt

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the htt...

CVE-2014-3577MEDIUM5.8ten sam produkt

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient...