CVE-2020-13956

🔶 medium

Summary

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

CVSS Score

5.3

Medium

EPSS Score

0.5

Exploit Probability

Published Date

2020-12-02

First Seen: 2026-01-05

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.7% of all 329,456 vulnerabilities in our database.

#264,595

Below average severity

Severity Percentile

Last Modified 2025-12-01

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

📦 Affected Products 29

Vendor	Product	Status	Affected Versions
oracle	peoplesoft_enterprise_peopletools	Affected	v8.57
oracle	peoplesoft_enterprise_peopletools	Affected	v8.58
oracle	weblogic_server	Affected	v12.2.1.4.0
oracle	weblogic_server	Affected	v14.1.1.0.0
apache	httpclient	Affected	< 4.5.13
apache	httpclient	Affected	≥ 5.0.0 < 5.0.3
oracle	jd_edwards_enterpriseone_tools	Affected	< 9.2.6.0
oracle	retail_customer_management_and_segmentation_foundation	Affected	≥ 16.0 ≤ 19.0
netapp	snapcenter	Affected	v-
oracle	data_integrator	Affected	v12.2.1.3.0
oracle	data_integrator	Affected	v12.2.1.4.0
oracle	primavera_unifier	Affected	≥ 17.7 ≤ 17.12
oracle	primavera_unifier	Affected	v16.1
oracle	primavera_unifier	Affected	v16.2
oracle	primavera_unifier	Affected	v18.8
oracle	primavera_unifier	Affected	v19.12
oracle	primavera_unifier	Affected	v20.12
oracle	commerce_guided_search	Affected	v11.3.2
netapp	active_iq_unified_manager	Affected	v-
quarkus	quarkus	Affected	< 1.7.6
oracle	sql_developer	Affected	< 20.4.1.407.0006
oracle	sql_developer	Affected	< 21.99
oracle	jd_edwards_enterpriseone_orchestrator	Affected	< 9.2.6.0
oracle	peoplesoft_enterprise_pt_peopletools	Affected	v8.57
oracle	peoplesoft_enterprise_pt_peopletools	Affected	v8.58
oracle	peoplesoft_enterprise_pt_peopletools	Affected	v8.59
oracle	nosql_database	Affected	< 20.3
oracle	spatial_studio	Affected	< 20.1.1
oracle	communications_cloud_native_core_service_communication_proxy	Affected	v1.14.0

🔗 References 64

https://lists.apache.org/thread.html/r03bbc318c81be2...

https://lists.apache.org/thread.html/r043a75acdeb52b...

https://lists.apache.org/thread.html/r06cf3ca5c8ceb9...

https://lists.apache.org/thread.html/r0a75b8f0f72f3e...

https://lists.apache.org/thread.html/r0bebe6f9808ac7...

https://lists.apache.org/thread.html/r12cb62751b35bd...

https://lists.apache.org/thread.html/r132e4c6a560cfc...

https://lists.apache.org/thread.html/r2835543ef0f91a...

https://lists.apache.org/thread.html/r2a03dc210231d7...

https://lists.apache.org/thread.html/r2dc7930b43eadc...

https://lists.apache.org/thread.html/r34178ab6ef106b...

https://lists.apache.org/thread.html/r34efec51cb8173...

https://lists.apache.org/thread.html/r3cecd59fba7440...

https://lists.apache.org/thread.html/r3f740e4c38bba1...

https://lists.apache.org/thread.html/r4850b3fbaea02f...

https://lists.apache.org/thread.html/r549ac8c159bf0c...

https://lists.apache.org/thread.html/r55b2a1d1e9b1ec...

https://lists.apache.org/thread.html/r5b55f65c123a74...

https://lists.apache.org/thread.html/r5de3d3808e7b50...

https://lists.apache.org/thread.html/r5fec9c1d67f928...

https://lists.apache.org/thread.html/r63296c45d5d844...

https://lists.apache.org/thread.html/r69a94e2f302d1b...

https://lists.apache.org/thread.html/r6a3cda38d050eb...

https://lists.apache.org/thread.html/r6d672b46622842...

https://lists.apache.org/thread.html/r6dab7da30f8bf0...

Mailing List Vendor Advisory

https://lists.apache.org/thread.html/r6eb2dae157dbc9...

https://lists.apache.org/thread.html/r70c429923100c5...

https://lists.apache.org/thread.html/r87ddc09295c27f...

https://lists.apache.org/thread.html/r8aa1e5c343b89a...

https://lists.apache.org/thread.html/r9e52a6c72c8365...

https://lists.apache.org/thread.html/ra539f20ef0fb0c...

https://lists.apache.org/thread.html/ra8bc6b61c5df30...

https://lists.apache.org/thread.html/rad622213418304...

https://lists.apache.org/thread.html/rae14ae25ff4a60...

https://lists.apache.org/thread.html/rb33212dab7becc...

https://lists.apache.org/thread.html/rb4ba262d6f08ab...

https://lists.apache.org/thread.html/rb725052404fabf...

https://lists.apache.org/thread.html/rc0863892ccfd9f...

https://lists.apache.org/thread.html/rc3739e0ad4bcf1...

https://lists.apache.org/thread.html/rc505fee574fe8d...

https://lists.apache.org/thread.html/rc5c6ccb86d2afe...

https://lists.apache.org/thread.html/rc990e2462ec32b...

https://lists.apache.org/thread.html/rcced7ed3237c29...

https://lists.apache.org/thread.html/rcd9ad5dda60c82...

https://lists.apache.org/thread.html/rd0e44e8ef71eea...

https://lists.apache.org/thread.html/rd5ab56beb2ac68...

https://lists.apache.org/thread.html/re504acd4d63b8d...

https://lists.apache.org/thread.html/rea3dbf633dde50...

https://lists.apache.org/thread.html/ree942561f46203...

https://lists.apache.org/thread.html/reef569c2419705...

https://lists.apache.org/thread.html/rf03228972e56cb...

https://lists.apache.org/thread.html/rf43d17ed0d1fb4...

https://lists.apache.org/thread.html/rf4db88c22e1be9...

https://lists.apache.org/thread.html/rf7ca60f78f05b7...

https://lists.apache.org/thread.html/rfb35f6db9ba1f1...

https://lists.apache.org/thread.html/rfbedcb586a1e7d...

https://lists.apache.org/thread.html/rfc00884c7b7ca8...

https://security.netapp.com/advisory/ntap-20220210-0...

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Patch Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Patch Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Patch Third Party Advisory

https://priyankn.github.io/2021-02-26-CVE-2020-13956/

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-35258	⚠️ high	8.7	0.3	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that ...	2026-06-17
CVE-2026-35259	⚠️ high	8.8	0.4	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that ...	2026-06-17
CVE-2026-35263	⛔ critical	9.9	0.3	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are...	2026-06-17
CVE-2026-35291	🔶 medium	6.6	0.4	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that ...	2026-06-17
CVE-2026-35292	⛔ critical	10.0	0.5	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that ...	2026-06-17
CVE-2026-35298	⛔ critical	9.1	0.5	Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are...	2026-06-17

These CVEs affect the same products