org.apache.httpcomponents:httpclient@4.3 vulnerabilities
- latest version: 4.5.14
- latest non vulnerable version
- first published: 17 years ago
- latest version published: 2 years ago
- licenses detected
  - [4.0-alpha1,)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.httpcomponents:httpclient package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.apache.httpcomponents:httpclient is an HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Improper Input Validation. Apache HttpClient can misinterpret malformed authority component in request URIs passed to the library as How to fix Improper Input Validation? Upgrade | [,4.5.13) |
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) attacks. http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification. | [4.3,4.3.1) |
org.apache.httpcomponents:httpclient is an HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Directory Traversal. String input by user is not validated for the presence of leading character How to fix Directory Traversal? Upgrade | [,4.5.3) |
org.apache.httpcomponents:httpclient is an HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Denial of Service (DoS) via the How to fix Denial of Service (DoS)? Upgrade | [4.3-alpha1,4.3.6) |
org.apache.httpcomponents:httpclient is an HttpClient component of the Apache HttpComponents project. Affected versions of this package are vulnerable to Man-in-the-Middle (MitM) due to not verifying the requesting server's hostname against existing domain names in the SSL Certificate. The How to fix Man-in-the-Middle (MitM)? Upgrade | [4.0-alpha1,4.3.4) |