CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

http://svn.apache.org/r1528614
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
http://svn.apache.org/r1528614
http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt

Products affected by CVE-2013-4366

Apache » Httpclient » Version: 4.3

cpe:2.3:a:apache:httpclient:4.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4366

Products

Pricing

Contact Us