CVE-2020-13956 vulnerability in Apache and Other Products
Published on December 2, 2020

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Github Repository NVD

Products Associated with CVE-2020-13956

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-13956 are published in these products:

Apache Httpclient

Quarkus

Apache Drill

Oracle Data Integrator

Oracle Nosql Database

Oracle Peoplesoft Enterprise Pt Peopletools

Oracle Primavera Unifier

Oracle Spatial Studio

Oracle Sql Developer

Oracle Jd Edwards Enterpriseone Orchestrator

Oracle Jd Edwards Enterpriseone Tools

Oracle Peoplesoft Enterprise Peopletools

Oracle Retail Customer Management Segmentation Foundation

NetApp Active Iq Unified Manager

NetApp Snapcenter

Oracle Communications Cloud Native Core Service Communication Proxy

Oracle Weblogic Server

Oracle Commerce Guided Search

Oracle

Vulnerable Packages

The following package name and versions may be associated with CVE-2020-13956

Package Manager	Vulnerable Package	Versions	Fixed In
maven	org.odpi.egeria:egeria-connector-xtdb	< 3.5	3.5

Exploit Probability

EPSS

0.51%

Percentile

65.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-13956 vulnerability in Apache and Other ProductsPublished on December 2, 2020

Products Associated with CVE-2020-13956

Vulnerable Packages

Exploit Probability

CVE-2020-13956 vulnerability in Apache and Other Products
Published on December 2, 2020