UBUNTU-CVE-2020-13956
- Source
- https://ubuntu.com/security/CVE-2020-13956
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13956.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-13956
- Related
- Published
- 2020-12-02T17:15:00Z
- Modified
- 2024-10-15T14:07:29Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / httpcomponents-client
Package
- Name
- httpcomponents-client
- Purl
- pkg:deb/ubuntu/httpcomponents-client?arch=src?distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.3.3-1ubuntu0.1+esm2
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "4.3.3-1ubuntu0.1+esm2",
"binary_name": "libhttpclient-java"
},
{
"binary_version": "4.3.3-1ubuntu0.1+esm2",
"binary_name": "libhttpmime-java"
}
]
}
Ubuntu:Pro:16.04:LTS / httpcomponents-client
Package
- Name
- httpcomponents-client
- Purl
- pkg:deb/ubuntu/httpcomponents-client?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.1-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "4.5.1-1ubuntu0.1~esm1",
"binary_name": "libhttpclient-java"
},
{
"binary_version": "4.5.1-1ubuntu0.1~esm1",
"binary_name": "libhttpmime-java"
}
]
}
Ubuntu:Pro:18.04:LTS / httpcomponents-client
Package
- Name
- httpcomponents-client
- Purl
- pkg:deb/ubuntu/httpcomponents-client?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.5-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "4.5.5-1ubuntu0.1~esm1",
"binary_name": "libhttpclient-java"
},
{
"binary_version": "4.5.5-1ubuntu0.1~esm1",
"binary_name": "libhttpmime-java"
}
]
}
Ubuntu:20.04:LTS / httpcomponents-client
Package
- Name
- httpcomponents-client
- Purl
- pkg:deb/ubuntu/httpcomponents-client?arch=src?distro=focal
Ubuntu:Pro:20.04:LTS / httpcomponents-client
Package
- Name
- httpcomponents-client
- Purl
- pkg:deb/ubuntu/httpcomponents-client?arch=src?distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.5.11-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "4.5.11-1ubuntu0.1~esm1",
"binary_name": "libhttpclient-java"
},
{
"binary_version": "4.5.11-1ubuntu0.1~esm1",
"binary_name": "libhttpmime-java"
}
]
}