#VU37997 Input validation error in httpclient - CVE-2013-4366

 


Published: October 30, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU37997
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2013-4366
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: httpclient
Software vendor: nahi

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.


Remediation

Install the update from the vendor's website.

External links