VulnerableCode Package Details - pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1

Essentials
History (6)

purl	pkg:deb/debian/httpcomponents-client@4.0.1-1squeeze1

Next non-vulnerable version	4.5.13-2
Latest non-vulnerable version	4.5.13-2
Risk	4.5

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-318s-st8t-wke2 Aliases: CVE-2011-1498 GHSA-gw85-4gmf-m7rh	Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.	4.1.1-2+deb7u1 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6amm-pfu5-6bf4 Aliases: CVE-2020-13956 GHSA-7r82-7xv7-xcpj	Improper Authorization Apache HttpClient versions can misinterpret malformed authority component in request URIs passed to the library as `java.net.URI` object and pick the wrong target host for request execution.	4.5.7-1+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 4.5.13-2 Affected by 0 other vulnerabilities.
VCID-mkuu-7x6y-7kc6 Aliases: CVE-2014-3577 GHSA-cfh5-3ghh-wfjx	certificate verification bypass	4.3.5-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-x63h-y2jy-pyaz Aliases: CVE-2015-5262 GHSA-fmj5-wv96-r2ch	Moderate severity vulnerability that affects org.apache.httpcomponents:httpclient http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.	4.5.2-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yrbr-vnty-ebfr Aliases: CVE-2013-4366 GHSA-pqwh-44jj-p5rm	Improper Input Validation http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.	4.3.5-2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T02:49:38.111312+00:00	Debian Oval Importer	Affected by	VCID-yrbr-vnty-ebfr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:21:55.993690+00:00	Debian Oval Importer	Affected by	VCID-6amm-pfu5-6bf4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:00:07.770978+00:00	Debian Oval Importer	Affected by	VCID-318s-st8t-wke2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T00:34:36.673138+00:00	Debian Oval Importer	Affected by	VCID-x63h-y2jy-pyaz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:26:30.882710+00:00	Debian Oval Importer	Affected by	VCID-6amm-pfu5-6bf4	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-02T00:46:13.757025+00:00	Debian Oval Importer	Affected by	VCID-mkuu-7x6y-7kc6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0