HIGH✓ PATCH🇬🇧 English

CVE-2025-27820

CVSS 7.5v3.1pub. 2025-04-24upd. 2025-07-16

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • Apache Httpclient

    APP
    Apache
    5.4 – 5.4.3 (bez)
  • Netapp Ontap Tools

    APP
    Netapp
    10
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt

Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4

CVE-2024-28752CRITICAL9.3PL ✓ten sam produkt

SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe

CVE-2013-4366CRITICAL9.8ten sam produkt

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509Hostn...

CVE-2021-3156HIGH7.8⚠ KEVten sam produkt

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows...