Critical severity9.8NVD Advisory· Published Oct 30, 2017· Updated Jun 16, 2026
CVE-2013-4366
CVE-2013-4366
Description
http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.httpcomponents:httpclientMaven | >= 4.3, < 4.3.1 | 4.3.1 |
Affected products
5cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:apache:httpclient:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.3:alpha1:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.3:beta1:*:*:*:*:*:*
- cpe:2.3:a:apache:httpclient:4.3:beta2:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
5- svn.apache.org/r1528614nvdIssue TrackingPatchRelease NotesVendor AdvisoryWEB
- www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txtnvdIssue TrackingRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-pqwh-44jj-p5rmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4366ghsaADVISORY
- github.com/apache/httpcomponents-client/commit/08140864e3e4c0994e094c4cf0507932baf6a66ghsaWEB
News mentions
0No linked articles in our index yet.