CVE-2020-13956

Published Dec 2, 2020
Last updated a year ago
CVSS medium 5.3
Overview

Description: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
Source: security@apache.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: NVD-CWE-noinfo
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC854C9B-84E8-4AAD-91B0-96A9DA0B1FC5",
            "versionEndExcluding": "4.5.13"
          },
          {
            "criteria": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA4A0CBA-0BAF-4322-83C5-211ED7254B59",
            "versionEndExcluding": "5.0.3",
            "versionStartIncluding": "5.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA1B998C-28F3-4F9D-8173-6591981AE52A",
            "versionEndExcluding": "1.7.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "289C3121-D30F-45C0-BD0E-F98C61269D74",
            "versionEndExcluding": "9.2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86305E47-33E9-411C-B932-08C395C09982",
            "versionEndExcluding": "9.2.6.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D04565AE-D092-4AE0-8FEE-0E8114662A1B",
            "versionEndExcluding": "20.3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED"
          },
          {
            "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AAA409CE-EAAE-4B20-ADAB-22E0A8F6063C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
            "versionEndIncluding": "19.0",
            "versionStartIncluding": "16.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84C6CD9A-D0BA-4B37-9FEA-6EE91C83BF75",
            "versionEndExcluding": "20.1.1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13209603-DBC5-4B1F-A4FB-04E3C722AB18",
            "versionEndExcluding": "20.4.1.407.0006"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA1BEAE3-B299-433E-A922-7F226B037D87",
            "versionEndExcluding": "21.99"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418"
          },
          {
            "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
