CVE-2013-4366

Improper Input Validation in maven/org.apache.httpcomponents/httpclient

Identifiers

GHSA-pqwh-44jj-p5rm, CVE-2013-4366

Package Slug

maven/org.apache.httpcomponents/httpclient

Vulnerability

Improper Input Validation

Description

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

Affected Versions

All versions starting from 4.3 before 4.3.1

Solution

Upgrade to version 4.3.1 or above.

Last Modified

2022-06-10

source