Package details: pkg:maven/org.apache.httpcomponents/httpclient@4.1-beta1
purl pkg:maven/org.apache.httpcomponents/httpclient@4.1-beta1
Next non-vulnerable version 4.5.13
Latest non-vulnerable version 4.5.13
Risk 4.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-318s-st8t-wke2
Aliases:
CVE-2011-1498
GHSA-gw85-4gmf-m7rh
Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used with an authenticating proxy server, sends the Proxy-Authorization header to the origin server, which allows remote web servers to obtain sensitive information by logging this header.
4.1.1
Affected by 4 other vulnerabilities.
VCID-6amm-pfu5-6bf4
Aliases:
CVE-2020-13956
GHSA-7r82-7xv7-xcpj
Improper Authorization: Apache HttpClient versions can misinterpret a malformed authority component in request URIs passed to the library as a `java.net.URI` object and pick the wrong target host for request execution.
4.5.13
Affected by 0 other vulnerabilities.
5.0.3
Affected by 0 other vulnerabilities.
VCID-jd44-nhjx-3yfw
Aliases:
CVE-2012-6153
GHSA-2x83-r56g-cv47
Improper Input Validation: http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5783.
4.2.3
Affected by 3 other vulnerabilities.
VCID-mkuu-7x6y-7kc6
Aliases:
CVE-2014-3577
GHSA-cfh5-3ghh-wfjx
Certificate verification bypass
4.3.5
Affected by 2 other vulnerabilities.
VCID-x63h-y2jy-pyaz
Aliases:
CVE-2015-5262
GHSA-fmj5-wv96-r2ch
Moderate severity vulnerability that affects org.apache.httpcomponents:httpclient: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
4.3.6
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.