Misinterpretation of Malformed Authority Component in Apache HttpClient

Misinterpretation of Malformed Authority Component in Apache HttpClient

CVE-2020-13956 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Learn more about our Web Application Penetration Testing UK.