CVE编号
CVE-2020-13956利用情况
暂无补丁情况
官方补丁披露时间
2020-12-03漏洞描述
HttpClient是美国阿帕奇(Apache)基金会的一个 Java 编写的访问HTTP资源的客户端程序。该程序用于使用HTTP协议访问网络资源。 Apache HttpClient java.net.URI Authority Component存在安全漏洞,该漏洞允许攻击者访问敏感数据。解决建议
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页:https://www.apache.org/
参考链接 |
|
|---|---|
| https://lists.apache.org/thread.html/r03bbc318c81be21f5c8a9b85e34f2ecc741aa80... | |
| https://lists.apache.org/thread.html/r043a75acdeb52b15dd5e9524cdadef4202e6a52... | |
| https://lists.apache.org/thread.html/r06cf3ca5c8ceb94b39cd24a73d4e96153b485a7... | |
| https://lists.apache.org/thread.html/r0a75b8f0f72f3e18442dc56d33f3827b905f2fe... | |
| https://lists.apache.org/thread.html/r0bebe6f9808ac7bdf572873b4fa96a29c6398c9... | |
| https://lists.apache.org/thread.html/r12cb62751b35bdcda0ae2a08b67877d665a1f4d... | |
| https://lists.apache.org/thread.html/r132e4c6a560cfc519caa1aaee63bdd403632761... | |
| https://lists.apache.org/thread.html/r2835543ef0f91adcc47da72389b816e36936f58... | |
| https://lists.apache.org/thread.html/r2a03dc210231d7e852ef73015f71792ac0fcaca... | |
| https://lists.apache.org/thread.html/r2dc7930b43eadc78220d269b79e13ecd387e4be... | |
| https://lists.apache.org/thread.html/r34178ab6ef106bc940665fd3f4ba5026fac3603... | |
| https://lists.apache.org/thread.html/r34efec51cb817397ccf9f86e25a75676d435ba5... | |
| https://lists.apache.org/thread.html/r3cecd59fba74404cbf4eb430135e1080897fb37... | |
| https://lists.apache.org/thread.html/r3f740e4c38bba1face49078aa5cbeeb558c27be... | |
| https://lists.apache.org/thread.html/r4850b3fbaea02fde2886e461005e4af8d37c80a... | |
| https://lists.apache.org/thread.html/r549ac8c159bf0c568c19670bedeb8d7c0074bed... | |
| https://lists.apache.org/thread.html/r55b2a1d1e9b1ec9db792b93da8f0f99a4fd5a53... | |
| https://lists.apache.org/thread.html/r5b55f65c123a7481104d663a915ec45a0d103e6... | |
| https://lists.apache.org/thread.html/r5de3d3808e7b5028df966e45115e006456c4e89... | |
| https://lists.apache.org/thread.html/r5fec9c1d67f928179adf484b01e7becd7c0a6fd... | |
| https://lists.apache.org/thread.html/r63296c45d5d84447babaf39bd1487329d8a80d8... | |
| https://lists.apache.org/thread.html/r69a94e2f302d1b778bdfefe90fcb4b8c50b2264... | |
| https://lists.apache.org/thread.html/r6a3cda38d050ebe13c1bc9a28d0a8ec38945095... | |
| https://lists.apache.org/thread.html/r6d672b46622842e565e00f6ef6bef83eb55d879... | |
| https://lists.apache.org/thread.html/r6dab7da30f8bf075f79ee189e33b45a197502e2... | |
| https://lists.apache.org/thread.html/r6eb2dae157dbc9af1f30d1f64e9c60d4ebef618... | |
| https://lists.apache.org/thread.html/r70c429923100c5a4fae8e5bc71c8a2d39af3de4... | |
| https://lists.apache.org/thread.html/r87ddc09295c27f25471269ad0a79433a9122404... | |
| https://lists.apache.org/thread.html/r8aa1e5c343b89aec5b69961471950e862f15246... | |
| https://lists.apache.org/thread.html/r9e52a6c72c8365000ecd035e48cc9fee5a677a1... | |
| https://lists.apache.org/thread.html/ra539f20ef0fb0c27ee39945b5f56bf162e5c13d... | |
| https://lists.apache.org/thread.html/ra8bc6b61c5df301a6fe5a716315528ecd17ccb8... | |
| https://lists.apache.org/thread.html/rad6222134183046f3928f733bf680919e0c3907... | |
| https://lists.apache.org/thread.html/rae14ae25ff4a60251e3ba2629c082c5ba3851df... | |
| https://lists.apache.org/thread.html/rb33212dab7beccaf1ffef9b88610047c644f644... | |
| https://lists.apache.org/thread.html/rb4ba262d6f08ab9cf8b1ebbcd9b00b0368ffe90... | |
| https://lists.apache.org/thread.html/rb725052404fabffbe093c83b2c46f3f87e12c31... | |
| https://lists.apache.org/thread.html/rc0863892ccfd9fd0d0ae10091f24ee769fb39b8... | |
| https://lists.apache.org/thread.html/rc3739e0ad4bcf1888c6925233bfc37dd71156bb... | |
| https://lists.apache.org/thread.html/rc505fee574fe8d18f9b0c655a4d120b0ae21bb6... | |
| https://lists.apache.org/thread.html/rc5c6ccb86d2afe46bbd4b71573f0448dc1f87bb... | |
| https://lists.apache.org/thread.html/rc990e2462ec32b09523deafb2c73606208599e1... | |
| https://lists.apache.org/thread.html/rcced7ed3237c29cd19c1e9bf465d0038b8b2e96... | |
| https://lists.apache.org/thread.html/rcd9ad5dda60c82ab0d0c9bd3e9cb1dc74080445... | |
| https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2... | |
| https://lists.apache.org/thread.html/rd5ab56beb2ac6879f6ab427bc4e5f7691aed836... | |
| https://lists.apache.org/thread.html/re504acd4d63b8df2a7353658f45c9a3137e5f80... | |
| https://lists.apache.org/thread.html/rea3dbf633dde5008d38bf6600a3738b9216e733... | |
| https://lists.apache.org/thread.html/ree942561f4620313c75982a4e5f3b74fe6f7062... | |
| https://lists.apache.org/thread.html/reef569c2419705754a3acf42b5f19b2a158153c... | |
| https://lists.apache.org/thread.html/rf03228972e56cb4a03e6d9558188c2938078cf3... | |
| https://lists.apache.org/thread.html/rf43d17ed0d1fb4fb79036b582810ef60b18b1ef... | |
| https://lists.apache.org/thread.html/rf4db88c22e1be9eb60c7dc623d0528642c045fb... | |
| https://lists.apache.org/thread.html/rf7ca60f78f05b772cc07d27e31bcd112f9910a0... | |
| https://lists.apache.org/thread.html/rfb35f6db9ba1f1e061b63769a4eff5abadcc254... | |
| https://lists.apache.org/thread.html/rfbedcb586a1e7dfce87ee03c720e583fc2ceeaf... | |
| https://lists.apache.org/thread.html/rfc00884c7b7ca878297bffe45fcb742c362b00b... | |
| https://security.netapp.com/advisory/ntap-20220210-0002/ | |
| https://www.oracle.com//security-alerts/cpujul2021.html | |
| https://www.oracle.com/security-alerts/cpuApr2021.html | |
| https://www.oracle.com/security-alerts/cpujan2022.html | |
| https://www.oracle.com/security-alerts/cpuoct2021.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | httpclient | * |
Up to (excluding) 4.5.13 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | apache | httpclient | * |
From (including) 5.0.0 |
Up to (excluding) 5.0.3 |
||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | httpcomponents-client | * |
Up to (excluding) 4.5.7-1+deb10u1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | httpcomponents-client | * |
Up to (excluding) 4.5.2-2+deb9u1 |
|||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...