Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Remediation

References

CVE-2020-13956

Related Vulnerabilities

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.5)

WordPress Plugin All-in-One WP Migration Security Bypass (7.14)

LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16177)

PrestaShop CVE-2020-26224 Vulnerability (CVE-2020-26224)

Oracle Database Server CVE-2011-0881 Vulnerability (CVE-2011-0881)

Severity

Medium

Classification

CVE-2020-13956 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities