Apache HttpClient is a component shipped with IBM Tivoli Netcool/OMNIbus Integrations Java Gateway Framework. Information about security vulnerabilities affecting Apache HttpClient has been published. (CVE-2020-13956)
CVEID:CVE-2020-13956
**DESCRIPTION:**Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool OMNIbus Integrations - Java Gateway Framework (nco-g-java) | 8.0 up to 9.0 |
Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool OMNIbus Integrations - Java Gateway Framework (nco-g-java) | 10.0 |
Details on how to download the latest package is in the release notice here: <https://www.ibm.com/support/pages/node/255017>
None