PT-2026-54842 · Apache · Httpcomponents Core
Henry Huang
·
Published
2026-07-01
·
Updated
2026-07-01
·
CVE-2026-54399
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Apache HttpComponents Core versions prior to 5.4.3
Apache HttpComponents Core versions prior to 5.5-beta2
Description
An uncontrolled resource consumption issue exists in the HTTP/1.1 message parser. A remote attacker can trigger a denial of service via memory exhaustion by sending messages containing an excessive number of headers or excessive header length.
Recommendations
Update Apache HttpComponents Core to version 5.4.3 or later.
Update Apache HttpComponents Core to version 5.5-beta2 or later.
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Httpcomponents Core