Skip to main content

Httpclient

8 CVEs product

Monthly

CVE-2025-27820 Maven HIGH PATCH This Week

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Httpclient Ontap Tools Red Hat +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-50342 PHP MEDIUM PATCH This Month

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Httpclient
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2020-13956 Maven MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient Quarkus Data Integrator +14
NVD
CVSS 3.1
5.3
EPSS
8.7%
CVE-2020-15094 PHP HIGH PATCH This Week

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Httpclient Symfony Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
3.0%
CVE-2013-4366 Maven CRITICAL PATCH Act Now

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure Httpclient
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2015-5262 Maven MEDIUM PATCH This Month

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Java Apache Ubuntu Linux Fedora +1
NVD
CVSS 2.0
4.3
EPSS
1.6%
CVE-2014-3577 Maven MEDIUM POC PATCH This Month

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Apache Httpclient Httpasyncclient
NVD
CVSS 2.0
5.8
EPSS
1.4%
CVE-2012-5783 Maven MEDIUM PATCH This Month

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Java Httpclient Ubuntu Linux
NVD
CVSS 2.0
5.8
EPSS
0.6%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apache Httpclient +3
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

symfony/http-client is a module for the Symphony PHP framework which provides powerful methods to fetch HTTP resources synchronously or asynchronously. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Httpclient
NVD GitHub
EPSS 9% CVSS 5.3
MEDIUM PATCH This Month

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Httpclient +16
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient class from the HttpClient Symfony component relies on the HttpCache class to handle requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Httpclient Symfony +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache Information Disclosure +1
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Java Apache +3
NVD
EPSS 1% CVSS 5.8
MEDIUM POC PATCH This Month

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Apache Httpclient +1
NVD
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Apache Information Disclosure Java +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy