CVE-2020-13956 (CNNVD-202010-372)
MEDIUM
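Chinese title:
Apache HttpClient security vulnerability
English title:
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority co...
CVSS score:
5.3
Published:
2020-12-02 16:20:12
Vulnerability type:
Other
Status:
PUBLISHED
Data quality score:
0.30
Data version:
v3
Vulnerability description
Chinese description:
HttpClient is a client program written in Java by the Apache Foundation (USA) for accessing HTTP resources. The program is used to access network resources over the HTTP protocol. Apache HttpClient has a security vulnerability in the java.net.URI authority component, which allows attackers to access sensitive data.
English description:
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
CWE type:
(no data)
Tags:
(no data)
Affected products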
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| apache | httpclient | * | - | - | cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:* |
| quarkus | quarkus | * | - | - | cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* |
| oracle | data_integrator | 12.2.1.3.0 | - | - | cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:* |
| oracle | data_integrator | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | jd_edwards_enterpriseone_orchestrator | * | - | - | cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* |
| oracle | jd_edwards_enterpriseone_tools | * | - | - | cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* |
| oracle | nosql_database | * | - | - | cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | - | - | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | - | - | cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.57 | - | - | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.58 | - | - | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:* |
| oracle | peoplesoft_enterprise_pt_peopletools | 8.59 | - | - | cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:* |
| oracle | primavera_unifier | * | - | - | cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* |
| oracle | primavera_unifier | 16.1 | - | - | cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:* |
| oracle | primavera_unifier | 16.2 | - | - | cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:* |
| oracle | primavera_unifier | 18.8 | - | - | cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* |
| oracle | primavera_unifier | 19.12 | - | - | cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* |
| oracle | primavera_unifier | 20.12 | - | - | cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* |
| oracle | retail_customer_management_and_segmentation_foundation | * | - | - | cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:* |
| oracle | spatial_studio | * | - | - | cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:* |
| oracle | sql_developer | * | - | - | cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:* |
| netapp | active_iq_unified_manager | - | - | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* |
| netapp | snapcenter | - | - | - | cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:* |
| oracle | commerce_guided_search | 11.3.2 | - | - | cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 | - | - | cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 12.2.1.4.0 | - | - | cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* |
| oracle | weblogic_server | 14.1.1.0.0 | - | - | cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
Solution
Chinese solution:
(no data)
English solution:
(no data)
Workaround:
(no data)
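CVSS score details
5.3
MEDIUM
CVSS vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS version:
3.1
Confidentiality
NONE
Integrity
LOW
Availability
NONE
Time information
Published:
2020-12-02 16:20:12
Modified:
2024-08-04 12:32:14
Created:
2025-11-11 15:36:02
Updated:
2025-11-11 15:56:29
Exploit information
No exploit code information available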
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2020-13956 | 2025-11-11 15:20:23 | 2025-11-11 07:36:02 |
| NVD | nvd_CVE-2020-13956 | 2025-11-11 14:57:06 | 2025-11-11 07:44:30 |
| CNNVD | cnnvd_CNNVD-202010-372 | 2025-11-11 15:12:30 | 2025-11-11 07:56:29 |
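Version and language
Current version:
v3
Primary language:
EN
Supported languages:
EN
ZH
Security advisories
No security advisory information available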
Change history
v3
CNNVD
2025-11-11 15:56:29
- vulnerability_type: not extracted -> Other
- cnnvd_id: not extracted -> CNNVD-202010-372
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2
NVD
2025-11-11 15:44:30
- cvss_score: not extracted -> 5.3
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 27
- data_sources: ['cve'] -> ['cve', 'nvd']