A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NApache Httpclient
APPApache5.4 – 5.4.3 (bez)Netapp Ontap Tools
APPNetapp10
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
Related vulnerabilities
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2024-52533CRITICAL9.8PL ✓ten sam produkt
Buffer overflow w GNOME GLib — błąd off-by-one w obsłudze SOCKS4
CVE-2024-28752CRITICAL9.3PL ✓ten sam produkt
SSRF w Apache CXF przez Aegis DataBinding — ataki na usługi webowe
CVE-2013-4366CRITICAL9.8ten sam produkt
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509Hostn...
CVE-2021-3156HIGH7.8⚠ KEVten sam produkt
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows...