CVE-2020-13956
MEDIUM
5.3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM
5.0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none
Description
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret a malformed authority component in request URIs passed to the library as a java.net.URI object and pick the wrong target host for request execution.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and on the characteristics of the vulnerability.
EPSS Score: 0.0051
Percentile: 0.7th
Application: Weblogic Server by Oracle
CPE Identifier: cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification

Application: Primavera Unifier by Oracle
Version Range Affected: from 17.7 (inclusive) to 17.12 (inclusive)
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*

Application: Communications Cloud Native Core Service Communication Proxy by Oracle
CPE Identifier: cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

Application: Primavera Unifier by Oracle
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*

Application: Sql Developer by Oracle
Version Range Affected: to 20.4.1.407.0006 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*

Application: Primavera Unifier by Oracle
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*

Application: Jd Edwards Enterpriseone Orchestrator by Oracle
Version Range Affected: to 9.2.6.0 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*

Application: Commerce Guided Search by Oracle
CPE Identifier: cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*

Application: Primavera Unifier by Oracle
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*

Application: Active Iq Unified Manager by Netapp
CPE Identifier: cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*

Application: Weblogic Server by Oracle
CPE Identifier: cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*

Application: Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*

Application: Primavera Unifier by Oracle
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*

Application: Spatial Studio by Oracle
Version Range Affected: to 20.1.1 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*

Application: Jd Edwards Enterpriseone Tools by Oracle
Version Range Affected: to 9.2.6.0 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*

Application: Peoplesoft Enterprise Pt Peopletools by Oracle
CPE Identifier: cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*

Application: Data Integrator by Oracle
CPE Identifier: cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*

Application: Peoplesoft Enterprise Pt Peopletools by Oracle
CPE Identifier: cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*

Application: Data Integrator by Oracle
CPE Identifier: cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*

Application: Peoplesoft Enterprise Pt Peopletools by Oracle
CPE Identifier: cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.59:*:*:*:*:*:*:*

Application: Active Iq Unified Manager by Netapp
CPE Identifier: cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Application: Retail Customer Management And Segmentation Foundation by Oracle
Version Range Affected: from 16.0 (inclusive) to 19.0 (inclusive)
CPE Identifier: cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*

Application: Snapcenter by Netapp
CPE Identifier: cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*

Application: Nosql Database by Oracle
Version Range Affected: to 20.3 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*

Application: Primavera Unifier by Oracle
CPE Identifier: cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*

Application: Peoplesoft Enterprise Peopletools by Oracle
CPE Identifier: cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

Application: Httpclient by Apache
Version Range Affected: to 4.5.13 (exclusive)
CPE Identifier: cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*

Application: Httpclient by Apache
Version Range Affected: from 5.0.0 (inclusive) to 5.0.3 (exclusive)
CPE Identifier: cpe:2.3:a:apache:httpclient:*:*:*:*:*:*:*:*

Application: Active Iq Unified Manager by Netapp
CPE Identifier: cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*

Application: Quarkus by Quarkus
Version Range Affected: to 1.7.6 (exclusive)
CPE Identifier: cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*

Application: Sql Developer by Oracle
Version Range Affected: to 21.99 (exclusive)
CPE Identifier: cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*
https://priyankn.github.io/2021-02-26-CVE-2020-13956/
https://security.netapp.com/advisory/ntap-20220210-0002/
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html