CVE-2013-4366

Name of the Vulnerable Software and Affected Versions Apache HttpClient versions 4.3.x before 4.3.1

Description The issue is related to insufficient input validation in the X509HostnameVerifier of the Apache HttpClient client module. This could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability involves hostname verification and can be exploited by attackers via unspecified vectors.

Recommendations For Apache HttpClient versions 4.3.x before 4.3.1, ensure that the X509HostnameVerifier is properly set to prevent exploitation. As a temporary workaround, consider implementing additional validation for hostname verification until a patch is available.