A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NApache Httpclient
APPApache5.4 – 5.4.3 (bez)Netapp Ontap Tools
APPNetapp10
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Powiązane podatności
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4
CVE-2024-28752CRITICAL9.3PL ✓ten sam produkt
SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe
CVE-2013-4366CRITICAL9.8ten sam produkt
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509Hostn...
CVE-2021-3156HIGH7.8⚠ KEVten sam produkt
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows...