CVEFinder.io

CVE-2013-4366

⛔ critical
Summary

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.

CVSS Score: 9.8 (Critical)
EPSS Score: 1.3 (Exploit Probability)
Published Date: 2017-10-30
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.5% of all 329,456 vulnerabilities in our database.

#31,311
Top 10% most severe
Severity Percentile
Last Modified: 2025-04-20
Source: NVD
CVSS Vector (3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 1

🔗 References 2

http://svn.apache.org/r1528614 (Issue Tracking, Patch, Release Notes, Vendor Advisory)
http://www.apache.org/dist/httpcomponents/httpclient... (Issue Tracking, Release Notes, Vendor Advisory)

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-40542 | ⚠️ high | 7.3 | 0.1 | Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-... | 2026-04-22 |
| CVE-2025-27820 | ⚠️ high | 7.5 | 0.1 | A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host na... | 2025-04-24 |
| CVE-2020-13956 | 🔶 medium | 5.3 | 0.5 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request U... | 2020-12-02 |
| CVE-2015-5262 | 🔶 medium | 4.3 | 0.9 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.t... | 2015-10-27 |
| CVE-2014-3577 | 🔶 medium | 5.8 | 9.2 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.... | 2014-08-21 |
| CVE-2012-5783 | 🔶 medium | 5.8 | 0.7 | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, d... | 2012-11-04 |

These CVEs affect the same products