CVE-2020-13956

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-13956
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13956.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13956
Aliases
Downstream
Related
Published
2020-12-02T17:15:14.547Z
Modified
2026-06-02T04:02:37.234941231Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Database specific 
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "9.2.6.0"
                }
            ],
            "vendor_product": "oracle:jd_edwards_enterpriseone_orchestrator",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "fixed": "9.2.6.0"
                }
            ],
            "vendor_product": "oracle:jd_edwards_enterpriseone_tools",
            "cpes": [
                "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "fixed": "20.3"
                }
            ],
            "vendor_product": "oracle:nosql_database",
            "cpes": [
                "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "introduced": "17.7"
                },
                {
                    "last_affected": "17.12"
                }
            ],
            "vendor_product": "oracle:primavera_unifier",
            "cpes": [
                "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "introduced": "16.0"
                },
                {
                    "last_affected": "19.0"
                }
            ],
            "vendor_product": "oracle:retail_customer_management_and_segmentation_foundation",
            "cpes": [
                "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "fixed": "20.1.1"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:spatial_studio",
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "fixed": "20.4.1.407.0006"
                },
                {
                    "fixed": "21.99"
                }
            ],
            "vendor_product": "oracle:sql_developer",
            "cpes": [
                "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "11.3.2"
                }
            ],
            "cpes": [
                "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*"
            ],
            "vendor_product": "oracle:commerce_guided_search",
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "1.14.0"
                }
            ],
            "vendor_product": "oracle:communications_cloud_native_core_service_communication_proxy",
            "cpes": [
                "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.3.0"
                },
                {
                    "last_affected": "12.2.1.4.0"
                }
            ],
            "vendor_product": "oracle:data_integrator",
            "cpes": [
                "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.57"
                },
                {
                    "last_affected": "8.58"
                }
            ],
            "vendor_product": "oracle:peoplesoft_enterprise_peopletools",
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "8.57"
                },
                {
                    "last_affected": "8.58"
                },
                {
                    "last_affected": "8.59"
                }
            ],
            "vendor_product": "oracle:peoplesoft_enterprise_pt_peopletools",
            "cpes": [
                "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "16.1"
                },
                {
                    "last_affected": "16.2"
                },
                {
                    "last_affected": "18.8"
                },
                {
                    "last_affected": "19.12"
                },
                {
                    "last_affected": "20.12"
                }
            ],
            "vendor_product": "oracle:primavera_unifier",
            "cpes": [
                "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "12.2.1.4.0"
                },
                {
                    "last_affected": "14.1.1.0.0"
                }
            ],
            "vendor_product": "oracle:weblogic_server",
            "cpes": [
                "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
                "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/apache/httpcomponents-client

Affected ranges

Type
GIT
Repo
https://github.com/apache/httpcomponents-client
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
dd76cf91c8f9125c7e0e29770622271f9417b46d
Fixed
3734aaa038a58c17af638e9fa29019cacb22e82c
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.5.13"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.3"
        }
    ],
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*"
}

Affected versions

4.*
4.5.4-RC1
4.5.5-RC1
4.5.6-RC1
5.*
5.0-alpha3-RC1
5.0-beta1-RC1
5.0-beta2-RC1
5.0-beta3-RC1
5.0-beta4-RC1
rel/v4.*
rel/v4.5.4
rel/v4.5.5
rel/v4.5.6
rel/v5.*
rel/v5.0-alpha3
rel/v5.0-beta1
rel/v5.0-beta2
rel/v5.0-beta3
rel/v5.0-beta4

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13956.json"

Git / github.com/quarkusio/quarkus

Affected ranges

Type
GIT
Repo
https://github.com/quarkusio/quarkus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0d3bd38a509e1a0423e41bfd974ca4924e5a7835
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.6"
        }
    ],
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13956.json"