FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Apache HttpClient -- misinterpret malformed authority component

Affected packages
3.1 <= apache-commons-httpclient
3.1 <= jakarta-commons-httpclient
httpclient < 4.5.13
5.0.0 <= httpclient < 5.0.3

Details

VuXML ID fa0c03dd-7c3a-11f1-8dc2-dca632daf43b
Discovery 2020-02-12
Entry 2026-07-10

Apache Software Foundation reports:

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

References

CVE Name CVE-2020-13956
URL https://nvd.nist.gov/vuln/detail/CVE-2020-13956