Miggo Logo
Miggo Vulnerability Database
CVE-2020-13956

CVE-2020-13956: Cross-site scripting in Apache HttpClient

5.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-13956
GHSA ID
GHSA-7r82-7xv7-xcpj
EPSS Score
0.65232%
CWE
CWE-79
Published
6/3/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
org.apache.httpcomponents:httpclientmaven< 4.5.134.5.13
org.apache.httpcomponents:httpclientmaven>= 5.0.0, < 5.0.35.0.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability is related to the handling of malformed URIs in Apache HttpClient. The URIBuilder class is crucial for parsing and building URIs, making its methods prime candidates for being vulnerable or being part of the mitigation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** *ttp*li*nt v*rsions prior to v*rsion *.*.** *n* *.*.* **n misint*rpr*t m*l*orm** *ut*ority *ompon*nt in r*qu*st URIs p*ss** to t** li*r*ry *s j*v*.n*t.URI o*j**t *n* pi*k t** wron* t*r**t *ost *or r*qu*st *x**ution.

Reasoning

T** vuln*r**ility is r*l*t** to t** **n*lin* o* m*l*orm** URIs in *p**** *ttp*li*nt. T** URI*uil**r *l*ss is *ru*i*l *or p*rsin* *n* *uil*in* URIs, m*kin* its m*t*o*s prim* **n*i**t*s *or **in* vuln*r**l* or **in* p*rt o* t** miti**tion.