
We found results for “”
CVE-2025-27820
Good to know:


Date: April 24, 2025
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
Severity Score
Related Resources (9)
Severity Score
Weakness Type (CWE)
Improper Certificate Validation
CWE-295Top Fix

Upgrade Version
Upgrade to version org.apache.httpcomponents.client5:httpclient5:5.4.3;org.apache.httpcomponents.client5:httpclient5:5.4.3;https://github.com/apache/httpcomponents-client.git - rel/v5.4.3
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | NONE |