CRITICAL🇵🇱 Wersja polska

CVE-2013-4366

CVSS 9.8v3.1pub. 2017-10-30upd. 2026-05-13

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Httpclient

    APP
    Apache
    4.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-40542HIGH7.3ten sam produkt

Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to acc...

CVE-2025-27820HIGH7.5ten sam produkt

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management a...

CVE-2020-13956MEDIUM5.3ten sam produkt

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in...

CVE-2015-5262MEDIUM4.3ten sam produkt

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the htt...

CVE-2014-3577MEDIUM5.8ten sam produkt

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient...