ГлавнаяУязвимости → CVE-2025-27820
7.5высокая

CVE-2025-27820

Описание

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release

Затрагиваемое ПО
Apache HttpclientNetapp Ontap tools
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://github.com/apache/httpcomponents-client/pull/574https://github.com/apache/httpcomponents-client/pull/621https://hc.apache.org/httpcomponents-client-5.4.x/index.htmlhttps://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8https://security.netapp.com/advisory/ntap-20250516-0003/