Candidate: CVE-2020-13956
PublicDate: 2020-12-02 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13956
 https://bugzilla.redhat.com/show_bug.cgi?id=1886587
Description:
 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can
 misinterpret malformed authority component in request URIs passed to the
 library as java.net.URI object and pick the wrong target host for request
 execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: pfsmorigo
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_httpcomponents-client:
 upstream: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e
upstream_httpcomponents-client: released (4.5.13-1)
precise/esm_httpcomponents-client: DNE
trusty_httpcomponents-client: ignored (out of standard support)
trusty/esm_httpcomponents-client: needed
xenial_httpcomponents-client: ignored (end of standard support, was needs-triage)
bionic_httpcomponents-client: needed
focal_httpcomponents-client: needed
groovy_httpcomponents-client: ignored (reached end-of-life)
hirsute_httpcomponents-client: not-affected (4.5.13-1)
impish_httpcomponents-client: not-affected (4.5.13-1)
jammy_httpcomponents-client: not-affected (4.5.13-1)
devel_httpcomponents-client: not-affected (4.5.13-1)