WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar #66

mend-bolt-for-github · 2022-03-01T01:14:32Z

WS-2017-3734 - Medium Severity Vulnerability

Vulnerable Library - httpclient-4.5.2.jar

Apache HttpComponents Client

Path to vulnerable library: /jar/httpclient-4.5.2.jar

Dependency Hierarchy:

❌ httpclient-4.5.2.jar (Vulnerable Library)

Vulnerability Details

Apache httpclient before 4.5.3 are vulnerable to Directory Traversal. The user-provided path was able to override the specified host, resulting in giving network access to a sensitive environment.

Publish Date: 2017-01-21

URL: WS-2017-3734

CVSS 3 Score Details (5.3)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://issues.apache.org/jira/browse/HTTPCLIENT-1803

Release Date: 2017-01-21

Fix Resolution: 4.5.3

Step up your Open Source Security Game with Mend here

mend-bolt-for-github bot added the security vulnerability Security vulnerability detected by WhiteSource label Mar 1, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar #66

WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar #66

mend-bolt-for-github bot commented Mar 1, 2022 •

edited

Loading

WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar #66

WS-2017-3734 (Medium) detected in httpclient-4.5.2.jar #66

Comments

mend-bolt-for-github bot commented Mar 1, 2022 • edited Loading

WS-2017-3734 - Medium Severity Vulnerability

mend-bolt-for-github bot commented Mar 1, 2022 •

edited

Loading