{"id":"CVE-2013-4366","details":"http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification.","aliases":["GHSA-pqwh-44jj-p5rm"],"modified":"2026-04-10T03:44:30.197869Z","published":"2017-10-30T19:29:00Z","references":[{"type":"ADVISORY","url":"http://svn.apache.org/r1528614"},{"type":"ADVISORY","url":"http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt"},{"type":"FIX","url":"http://svn.apache.org/r1528614"},{"type":"REPORT","url":"http://svn.apache.org/r1528614"},{"type":"REPORT","url":"http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.3.x.txt"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}