Candidate: CVE-2013-4366
PublicDate: 2017-10-30 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4366
 http://svn.apache.org/r1528614
 http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
Description:
 http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before
 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows
 attackers to have unspecified impact via vectors involving hostname
 verification.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_httpcomponents-client:
upstream_httpcomponents-client: released (4.3.2-1)
precise/esm_httpcomponents-client: DNE
trusty_httpcomponents-client: not-affected (4.3.3-1)
trusty/esm_httpcomponents-client: not-affected (4.3.3-1)
xenial_httpcomponents-client: not-affected (4.5.1-1)
zesty_httpcomponents-client: not-affected (4.5.2-2)
artful_httpcomponents-client: not-affected (4.5.3-1)
devel_httpcomponents-client: not-affected