Description
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Remediation
References
Related Vulnerabilities
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10969)
WordPress Plugin Disqus Comment System Multiple Cross-Site Request Forgery Vulnerabilities (2.77)
WordPress Plugin Personalized WooCommerce Cart Page Cross-Site Request Forgery (2.4)
Oracle Application Server Other Vulnerability (CVE-2001-1372)