Main Vulnerability Database Vulnerabilities #VU47481

#VU47481 Input validation error in Apache HttpComponents - CVE-2020-13956

Published: October 9, 2020

Vulnerability identifier: #VU47481

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-13956

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache HttpComponents

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to insufficient validation of user-supplied input in Apache HttpClient. A remote attacker can pass request URIs to the library as java.net.URI object and force the application to pick the wrong target host for request execution.

Remediation

Install updates from vendor's website.

External links

https://seclists.org/oss-sec/2020/q4/34