PT-2020-6898 · Apache · Apache HttpClient

Published: 2020-10-10 · Updated: 2025-12-01 · CVE-2020-13956

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Apache HttpClient 4.x prior to 4.5.13 and 5.x prior to 5.0.3
Description: Apache HttpClient performs insufficient validation of request URIs passed to it as java.net.URI objects. A malformed authority component can be misinterpreted, so the library picks the wrong target host for request execution. A remote attacker who can influence such a URI can therefore cause a request to be executed against a host other than the one the application intended. The published CVSS vector rates this as a low integrity impact with no confidentiality or availability impact.
Recommendations: Update 4.x installations to 4.5.13 or later and 5.x installations to 5.0.3 or later. Until the library is updated, make sure that only well-formed URIs reach it (the documented case is S3 connectivity through a connector) and restrict who can modify those URIs in the connector's configuration.
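The following Java check is an added example, not code from Apache HttpClient, from its fix, or from this advisory. It illustrates the workaround above: before a URI is handed to the client library, refuse anything the JDK's own java.net.URI cannot resolve to a plain host, refuse embedded credentials, and pin the host to an allowlist. The class name, the allowlist entry and the sample URIs are constructed for this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public final class StrictTargetUri {

    // Constructed allowlist for this example; a real deployment loads its own.
    private static final Set<String> ALLOWED_HOSTS = Set.of("bucket.s3.example.com");

    /**
     * Returns the URI if java.net.URI itself resolves it to a plain scheme://host[:port]
     * target on the allowlist; otherwise throws. Anything the JDK parser cannot map to a
     * host (getHost() == null) is refused instead of being passed on to a client library
     * that might interpret the raw authority string on its own.
     */
    public static URI requireWellFormedTarget(String raw) {
        final URI uri;
        try {
            uri = new URI(raw);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("unparseable URI: " + raw, e);
        }
        if (!uri.isAbsolute() || uri.getRawAuthority() == null) {
            throw new IllegalArgumentException("URI must be absolute with an authority: " + raw);
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        if (!scheme.equals("http") && !scheme.equals("https")) {
            throw new IllegalArgumentException("unexpected scheme: " + scheme);
        }
        // Registry-based authority (for example '_' in the host name): the JDK keeps the
        // raw authority but getHost() is null because it could not parse host[:port].
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("authority is not host[:port]: " + uri.getRawAuthority());
        }
        // Credentials embedded in the URI ("something@host") are never expected for this
        // target and are the classic way to make a URI appear to name one host while the
        // parser resolves another.
        if (uri.getRawUserInfo() != null) {
            throw new IllegalArgumentException("userinfo not allowed in target URI: " + raw);
        }
        String host = uri.getHost().toLowerCase(Locale.ROOT);
        if (!ALLOWED_HOSTS.contains(host)) {
            throw new IllegalArgumentException("host not on allowlist: " + host);
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid target and three that must be refused.
        List<String> samples = List.of(
                "https://bucket.s3.example.com/data/key.json",
                "https://bucket.s3.example.com@evil.example/",  // userinfo hides the real host
                "https://bucket_s3.example.com/key",           // JDK cannot parse this authority
                "ftp://bucket.s3.example.com/key");            // wrong scheme
        for (String s : samples) {
            try {
                System.out.println("accepted: " + requireWellFormedTarget(s).getHost());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The second sample is the one worth noticing: java.net.URI parses it without complaint, but the text before the '@' is userinfo and the real host is evil.example, so a check that merely looks for the expected host name as a substring would be fooled. Refusing userinfo outright and comparing the parsed host against an allowlist closes that gap independently of how the client library handles the authority.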

Related Identifiers

ALSA-2022:1860
ALSA-2022:1861
BDU:2023-05212
CESA-2022:1860
CESA-2022:1861
CVE-2020-13956
DLA-2405-1
DSA-4772-1
GHSA-7r82-7xv7-xcpj
GHSA-hwvm-vfw8-93mw
MGASA-2021-0314
OPENSUSE-SU-2024:10687-1
OPENSUSE-SU-2024:14478-1
OPENSUSE-SU-2024:4036-1
RHSA-2021:0246
RHSA-2021:0247
RHSA-2021:0248
RHSA-2022:0722
RHSA-2022:1860
RHSA-2022:1861
RLSA-2022:1860
RLSA-2022:1861
SUSE-SU-2024:4036-1
USN-5239-1

Affected Products

AlmaLinux
Apache HttpClient
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu