Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-13956: incorrect handling of malformed authority component in request URIs (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Red Hat: CVE-2020-13956: incorrect handling of malformed authority component in request URIs (Multiple Advisories)

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

12/02/2020

Created

05/14/2022

Added

05/13/2022

Modified

12/15/2023

Description

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Solution(s)

redhat-upgrade-aopalliance
redhat-upgrade-apache-commons-cli
redhat-upgrade-apache-commons-codec
redhat-upgrade-apache-commons-io
redhat-upgrade-apache-commons-lang3
redhat-upgrade-apache-commons-logging
redhat-upgrade-atinject
redhat-upgrade-cdi-api
redhat-upgrade-geronimo-annotation
redhat-upgrade-glassfish-el-api
redhat-upgrade-google-guice
redhat-upgrade-guava
redhat-upgrade-guava20
redhat-upgrade-hawtjni-runtime
redhat-upgrade-httpcomponents-client
redhat-upgrade-httpcomponents-core
redhat-upgrade-jansi
redhat-upgrade-jansi-native
redhat-upgrade-jboss-interceptors-1-2-api
redhat-upgrade-jcl-over-slf4j
redhat-upgrade-jsoup
redhat-upgrade-jsr-305
redhat-upgrade-maven
redhat-upgrade-maven-lib
redhat-upgrade-maven-openjdk11
redhat-upgrade-maven-openjdk17
redhat-upgrade-maven-openjdk8
redhat-upgrade-maven-resolver
redhat-upgrade-maven-resolver-api
redhat-upgrade-maven-resolver-connector-basic
redhat-upgrade-maven-resolver-impl
redhat-upgrade-maven-resolver-spi
redhat-upgrade-maven-resolver-transport-wagon
redhat-upgrade-maven-resolver-util
redhat-upgrade-maven-shared-utils
redhat-upgrade-maven-wagon
redhat-upgrade-maven-wagon-file
redhat-upgrade-maven-wagon-http
redhat-upgrade-maven-wagon-http-shared
redhat-upgrade-maven-wagon-provider-api
redhat-upgrade-plexus-cipher
redhat-upgrade-plexus-classworlds
redhat-upgrade-plexus-containers-component-annotations
redhat-upgrade-plexus-interpolation
redhat-upgrade-plexus-sec-dispatcher
redhat-upgrade-plexus-utils
redhat-upgrade-sisu
redhat-upgrade-sisu-inject
redhat-upgrade-sisu-plexus
redhat-upgrade-slf4j

References

CVE-2020-13956
RHSA-2022:1860
RHSA-2022:1861

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Red Hat: CVE-2020-13956: incorrect handling of malformed authority component in request URIs (Multiple Advisories)

Red Hat: CVE-2020-13956: incorrect handling of malformed authority component in request URIs (Multiple Advisories)

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.