0.001 Low
EPSS
Percentile
45.2%
httpclient has insecure hostname verification defaults. If a X509HostnameVerifier is not provided, httpclient would default to having no hostname verification.
X509HostnameVerifier
svn.apache.org/r1528614
www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt
github.com/apache/httpcomponents-client/blob/f209636622350700e0cedb06a7a664dff3eae527/RELEASE_NOTES.txt#L16
github.com/apache/httpcomponents-client/commit/08140864e3e4c0994e094c4cf0507932baf6a66a