Description
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Remediation
References
http://svn.apache.org/r1528614
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
Related Vulnerabilities
CVE-2017-11608 Vulnerability in npm package node-sass
CVE-2017-1000421 Vulnerability in npm package gifsicle
CVE-2023-29527 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2014-9634 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2018-7408 Vulnerability in maven package org.webjars.bower:npm