Medium
Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of a malformed authority component in request URIs. When request URIs are passed to the library as a java.net.URI object, an attacker could exploit this vulnerability to cause the library to pick the wrong target host for request execution.
Security bypass
Apache
Upgrade to the latest version of HttpClient (4.5.13 or 5.0.3 or later).
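The following is an added defence-in-depth example, not part of the original advisory and not the Apache fix: a caller-side guard that refuses to hand a URI to the HTTP client unless java.net.URI parsed a server-based authority and the host is on an allowlist. The class name, the allowlist and the sample host names are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class AuthorityGuard {
    // Hypothetical allowlist of hosts this application is permitted to call.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.test");

    /** Returns the parsed URI only if its authority is well formed and its host is allowed. */
    static URI requireTrustedTarget(String raw) throws URISyntaxException {
        URI uri = new URI(raw).normalize();
        // Throws if the authority is not of the form [user-info@]host[:port].
        // java.net.URI otherwise accepts it as "registry-based" and leaves the host unset.
        uri.parseServerAuthority();
        String host = uri.getHost();
        if (host == null) {
            throw new URISyntaxException(raw, "no host could be parsed from the authority");
        }
        if (uri.getRawUserInfo() != null) {
            throw new URISyntaxException(raw, "user-info in the authority is not accepted");
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new URISyntaxException(raw, "host is not on the allowlist");
        }
        return uri;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one valid, one whose authority java.net.URI
        // cannot parse as a server (underscore in the host name), one off-list host.
        String[] samples = {
            "https://api.example.test/v1/items",
            "https://api_internal.example.test/",
            "https://other.example.test/"
        };
        for (String s : samples) {
            try {
                System.out.println("accepted: " + requireTrustedTarget(s).getHost());
            } catch (URISyntaxException e) {
                System.out.println("rejected: " + s + " (" + e.getReason() + ")");
            }
        }
    }
}
```

The guard complements the upgrade; it does not replace it.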