Description
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
Remediation
References
http://svn.apache.org/r1528614
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
Related Vulnerabilities
CVE-2013-2165 Vulnerability in maven package org.richfaces.framework:richfaces-impl-jsf2
CVE-2021-39151 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-3509 Vulnerability in maven package com.google.protobuf:protobuf-java
CVE-2023-50776 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate
CVE-2018-1000616 Vulnerability in maven package org.onosproject:onos-cli