Apache Httpclient
6 CVEs affecting Apache Httpclient. Latest disclosed: 2026-04-22. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2013-4366 | Critical | 9.8 | 2017-10-30 | http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers t… |
CVE-2026-40542 | High | 7.3 | 2026-04-22 | Missing critical step in authentication in Apache HttpClient 5.6 allows an attacker to cause the client to accept SCRAM-SHA-256 authentication without proper m… |
CVE-2015-5262 | | 2015-10-27 | http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an… | |
CVE-2014-3577 | | 2014-08-21 | org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the s… | |
CVE-2012-5783 | | 2012-11-04 | Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname… | |
CVE-2011-1498 | | 2011-07-07 | Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin… |