HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2025-27820

CVSS 7.5v3.1pub. 2025-04-24upd. 2025-07-16

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Apache Httpclient

    APP
    Apache
    5.4 – 5.4.3 (bez)
  • Netapp Ontap Tools

    APP
    Netapp
    10
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4

CVE-2024-28752CRITICAL9.3PL ✓ten sam produkt

SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe

CVE-2013-4366CRITICAL9.8ten sam produkt

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509Hostn...

CVE-2021-3156HIGH7.8⚠ KEVten sam produkt

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows...