First published: Thu Oct 08 2020(Updated: )
Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el6ea | 0:2.9.0-7.redhat_00017.1.el6ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el6ea | 0:2.3.9-12.SP13_redhat_00001.1.el6ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el6ea | 0:3.2.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el6ea | 0:5.3.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el6ea | 0:4.5.13-1.redhat_00001.1.el6ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el6ea | 0:4.0.37-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el6ea | 0:2.0.8-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el6ea | 0:1.11.0-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el6ea | 0:5.0.20-1.Final_redhat_00001.1.el6ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el6ea | 0:1.7.2-4.Final_redhat_00005.1.el6ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el6ea | 0:3.7.12-1.Final_redhat_00001.1.el6ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el6ea | 0:5.9.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el6ea | 0:0.0.4.1-2.redhat_00002.1.el6ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el6ea | 0:3.11.3-1.Final_redhat_00001.1.el6ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el6ea | 0:2.0.33-1.SP2_redhat_00001.1.el6ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el6ea | 0:7.3.5-2.GA_redhat_00001.1.el6ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el6ea | 0:1.2.1-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el6ea | 0:1.10.10-1.Final_redhat_00001.1.el6ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el6ea | 0:1.0.24-1.Final_redhat_00001.1.el6ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el7ea | 0:2.9.0-7.redhat_00017.1.el7ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el7ea | 0:2.3.9-12.SP13_redhat_00001.1.el7ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el7ea | 0:3.2.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el7ea | 0:5.3.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el7ea | 0:4.5.13-1.redhat_00001.1.el7ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el7ea | 0:4.0.37-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el7ea | 0:2.0.8-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el7ea | 0:1.11.0-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el7ea | 0:5.0.20-1.Final_redhat_00001.1.el7ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el7ea | 0:1.7.2-4.Final_redhat_00005.1.el7ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el7ea | 0:3.7.12-1.Final_redhat_00001.1.el7ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el7ea | 0:5.9.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el7ea | 0:0.0.4.1-2.redhat_00002.1.el7ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el7ea | 0:3.11.3-1.Final_redhat_00001.1.el7ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el7ea | 0:2.0.33-1.SP2_redhat_00001.1.el7ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el7ea | 0:7.3.5-2.GA_redhat_00001.1.el7ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el7ea | 0:1.2.1-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el7ea | 0:1.10.10-1.Final_redhat_00001.1.el7ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el7ea | 0:1.0.24-1.Final_redhat_00001.1.el7ea |
redhat/eap7-activemq-artemis | <0:2.9.0-7.redhat_00017.1.el8ea | 0:2.9.0-7.redhat_00017.1.el8ea |
redhat/eap7-glassfish-jsf | <0:2.3.9-12.SP13_redhat_00001.1.el8ea | 0:2.3.9-12.SP13_redhat_00001.1.el8ea |
redhat/eap7-hal-console | <0:3.2.12-1.Final_redhat_00001.1.el8ea | 0:3.2.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-hibernate | <0:5.3.20-1.Final_redhat_00001.1.el8ea | 0:5.3.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-httpcomponents-client | <0:4.5.13-1.redhat_00001.1.el8ea | 0:4.5.13-1.redhat_00001.1.el8ea |
redhat/eap7-jboss-ejb-client | <0:4.0.37-1.Final_redhat_00001.1.el8ea | 0:4.0.37-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-genericjms | <0:2.0.8-1.Final_redhat_00001.1.el8ea | 0:2.0.8-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-modules | <0:1.11.0-1.Final_redhat_00001.1.el8ea | 0:1.11.0-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-remoting | <0:5.0.20-1.Final_redhat_00001.1.el8ea | 0:5.0.20-1.Final_redhat_00001.1.el8ea |
redhat/eap7-jboss-server-migration | <0:1.7.2-4.Final_redhat_00005.1.el8ea | 0:1.7.2-4.Final_redhat_00005.1.el8ea |
redhat/eap7-jboss-xnio-base | <0:3.7.12-1.Final_redhat_00001.1.el8ea | 0:3.7.12-1.Final_redhat_00001.1.el8ea |
redhat/eap7-narayana | <0:5.9.10-1.Final_redhat_00001.1.el8ea | 0:5.9.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-opentracing-interceptors | <0:0.0.4.1-2.redhat_00002.1.el8ea | 0:0.0.4.1-2.redhat_00002.1.el8ea |
redhat/eap7-resteasy | <0:3.11.3-1.Final_redhat_00001.1.el8ea | 0:3.11.3-1.Final_redhat_00001.1.el8ea |
redhat/eap7-undertow | <0:2.0.33-1.SP2_redhat_00001.1.el8ea | 0:2.0.33-1.SP2_redhat_00001.1.el8ea |
redhat/eap7-wildfly | <0:7.3.5-2.GA_redhat_00001.1.el8ea | 0:7.3.5-2.GA_redhat_00001.1.el8ea |
redhat/eap7-wildfly-discovery | <0:1.2.1-1.Final_redhat_00001.1.el8ea | 0:1.2.1-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-elytron | <0:1.10.10-1.Final_redhat_00001.1.el8ea | 0:1.10.10-1.Final_redhat_00001.1.el8ea |
redhat/eap7-wildfly-http-client | <0:1.0.24-1.Final_redhat_00001.1.el8ea | 0:1.0.24-1.Final_redhat_00001.1.el8ea |
redhat/rh-maven36-httpcomponents-client | <0:4.5.9-1.3.el7 | 0:4.5.9-1.3.el7 |
redhat/httpclient | <4.5.13 | 4.5.13 |
redhat/httpclient | <5.0.3 | 5.0.3 |
IBM Secure Proxy | <=6.0.2 | |
IBM Secure Proxy | <=6.0.1 | |
IBM Sterling Secure Proxy | <=3.4.3.2 | |
Apache HttpClient | <4.5.13 | |
Apache HttpClient | >=5.0.0<5.0.3 | |
Quarkus Quarkus | <1.7.6 | |
Oracle Data Integrator | =12.2.1.3.0 | |
Oracle Data Integrator | =12.2.1.4.0 | |
Oracle Jd Edwards Enterpriseone Orchestrator | <9.2.6.0 | |
Oracle Jd Edwards Enterpriseone Tools | <9.2.6.0 | |
Oracle Nosql Database | <20.3 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.57 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Peoplesoft Enterprise Pt Peopletools | =8.57 | |
Oracle Peoplesoft Enterprise Pt Peopletools | =8.58 | |
Oracle Peoplesoft Enterprise Pt Peopletools | =8.59 | |
Oracle Primavera Unifier | >=17.7<=17.12 | |
Oracle Primavera Unifier | =16.1 | |
Oracle Primavera Unifier | =16.2 | |
Oracle Primavera Unifier | =18.8 | |
Oracle Primavera Unifier | =19.12 | |
Oracle Primavera Unifier | =20.12 | |
Oracle Retail Customer Management and Segmentation Foundation | >=16.0<=19.0 | |
Oracle Spatial Studio | <20.1.1 | |
Oracle SQL Developer | <20.4.1.407.0006 | |
Netapp Active Iq Unified Manager Linux | ||
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
Netapp Snapcenter | ||
Oracle Commerce Guided Search | =11.3.2 | |
Oracle Communications Cloud Native Core Service Communication Proxy | =1.14.0 | |
Oracle SQL Developer | <21.99 | |
Oracle WebLogic Server | =12.2.1.4.0 | |
Oracle WebLogic Server | =14.1.1.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)