October 12, 2020
Severity
Medium
Analysis Summary
Apache HttpClient could allow a remote attacker to bypass security restrictions because it improperly handles a malformed authority component in request URIs. When request URIs are passed to the library as java.net.URI objects, an attacker could exploit this vulnerability to make the library pick the wrong target host for request execution.
Impact
Security bypass
Affected Vendors
Apache
Affected Products
- Apache HttpClient 4.5.12
- Apache HttpClient 5.0.2
Remediation
Upgrade to the latest version of HttpClient (4.5.13 or 5.0.3 or later).
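A pre-flight check that an application can apply to request URIs built from untrusted input before handing them to HttpClient, in addition to upgrading. This is an added example, not code from the advisory or from the Apache project; the class name, the allowlist and the sample URIs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public final class TargetHostGuard {
    // Hypothetical allowlist of hosts this application may call.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");

    /**
     * Returns the URI only if its authority is a well-formed
     * [user-info@]host[:port] and the host is on the allowlist.
     */
    static URI requireAllowedTarget(URI uri) throws URISyntaxException {
        if (!uri.isAbsolute() || uri.isOpaque()) {
            throw new URISyntaxException(uri.toString(), "absolute hierarchical URI required");
        }
        // java.net.URI accepts some malformed authorities as "registry-based"
        // and leaves getHost() null; parseServerAuthority() rejects them.
        URI strict = uri.parseServerAuthority();
        String host = strict.getHost();
        if (host == null) {
            throw new URISyntaxException(uri.toString(), "no host in authority");
        }
        if (!ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("target host not allowed: " + host);
        }
        return strict;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
            "https://api.example.com/v1/items",      // well-formed, allowed
            "https://other.example.net/v1/items",    // well-formed, not allowed
            "https://api_internal.example.com/v1");  // not a valid server authority
        for (String s : samples) {
            try {
                System.out.println("accept " + requireAllowedTarget(URI.create(s)));
            } catch (URISyntaxException | SecurityException e) {
                System.out.println("reject " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The point of the check is that the application decides the target host from the strictly parsed authority, so a URI whose authority java.net.URI could not parse as a server authority never reaches the HTTP client.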