Vulnerability Database
296,138
Total vulnerabilities in the database
CVE-2025-27820
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
| Software | From | Fixed in |
|---|---|---|
org.apache.httpcomponents.client5 / httpclient5
|
5.4-alpha1 | 5.4.3 |
| apache / httpclient | 5.4 | 5.4.3 |
| netapp / ontap_tools | 10 | 10.x |
- https://github.com/apache/httpcomponents-client/pull/574
- https://github.com/apache/httpcomponents-client/pull/621
- https://hc.apache.org/httpcomponents-client-5.4.x/index.html
- https://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8
- https://security.netapp.com/advisory/ntap-20250516-0003
- https://security.netapp.com/advisory/ntap-20250516-0003/