Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Remediation

References

CVE-2020-13956

Related Vulnerabilities

WordPress Plugin Email Subscribers by Icegram Express-Email Marketing, Newsletters, Automation for WordPress & WooCommerce Cross-Site Scripting (4.0.13)

Apache 2.x version older than 2.0.63

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)

WordPress 4.3.x Denial of Service Vulnerability (4.3 - 4.3.15)

osCommerce Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43705)

Severity

Medium

Classification

CVE-2020-13956 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities