CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
References
Link Resource
http://svn.apache.org/r1528614 Issue Tracking Release Notes Patch Vendor Advisory
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt Issue Tracking Release Notes Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-30 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2013-4366

Mitre link : CVE-2013-4366

CVE.ORG link : CVE-2013-4366


JSON object : View

Products Affected

apache

  • httpclient
CWE
CWE-20

Improper Input Validation