http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Httpclient
APPApache4.3
Powiązane podatności
Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to acc...
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management a...
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in...
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the htt...
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient...