Vulnerability

CVE-2020-13956

 Report advisory or correction

CVSS Score 5.3 medium

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-noinfo

References

https://bugzilla.redhat.com/show_bug.cgi?id=1886587
https://www.openwall.com/lists/oss-security/2020/10/08/4
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13956

[CVE-2020-13956] CWE-noinfo

Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

See org.apache.httpcomponents/httpclient package information