{ "threat_severity" : "Moderate", "public_date" : "2020-10-08T00:00:00Z", "bugzilla" : { "description" : "apache-httpclient: incorrect handling of malformed authority component in request URIs", "id" : "1886587", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1886587" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution." ], "statement" : "In OpenShift Container Platform (OCP) the affected components are behind OpenShift OAuth authentication. This restricts access to the vulnerable httpclient library to authenticated users only. Additionally the vulnerable httpclient library is not used directly in OCP components, therefore the impact by this vulnerability is Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\nIn the Red Hat Enterprise Linux platforms, Maven 35 and 36 are affected via their respective `httpcomponents-client` component.", "affected_release" : [ { "product_name" : "Red Hat AMQ 7.9.0", "release_date" : "2021-09-30T00:00:00Z", "advisory" : "RHSA-2021:3700", "cpe" : "cpe:/a:redhat:amq_broker:7", "package" : "httpclient", "impact" : "low" }, { "product_name" : "Red Hat build of Quarkus 1.7.6", "release_date" : "2021-01-12T00:00:00Z", "advisory" : "RHSA-2021:0084", "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0", "package" : "httpclient" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-05-10T00:00:00Z", "advisory" : "RHSA-2022:1860", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "maven:3.6-8060020211119162118.5dbfe8be" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-05-10T00:00:00Z", "advisory" : "RHSA-2022:1861", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "maven:3.5-8060020211117110044.c0229ad2" }, { "product_name" : "Red Hat Fuse 7.12", "release_date" : "2023-06-29T00:00:00Z", "advisory" : "RHSA-2023:3954", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7.9", "release_date" : "2021-08-11T00:00:00Z", "advisory" : "RHSA-2021:3140", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "httpclient" }, { "product_name" : "Red Hat Integration - Camel K - Tech-Preview 3", "release_date" : "2021-03-11T00:00:00Z", "advisory" : "RHSA-2021:0811", "cpe" : "cpe:/a:redhat:integration:1", "package" : "httpclient", "impact" : "low" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0250", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3", "package" : "httpclient" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-activemq-artemis-0:2.9.0-7.redhat_00017.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-glassfish-jsf-0:2.3.9-12.SP13_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hal-console-0:3.2.12-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-hibernate-0:5.3.20-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-ejb-client-0:4.0.37-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-genericjms-0:2.0.8-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-modules-0:1.11.0-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-remoting-0:5.0.20-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-server-migration-0:1.7.2-4.Final_redhat_00005.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-jboss-xnio-base-0:3.7.12-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-narayana-0:5.9.10-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-opentracing-interceptors-0:0.0.4.1-2.redhat_00002.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-resteasy-0:3.11.3-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-undertow-0:2.0.33-1.SP2_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-0:7.3.5-2.GA_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-discovery-0:1.2.1-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-elytron-0:1.10.10-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 6", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0246", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6", "package" : "eap7-wildfly-http-client-0:1.0.24-1.Final_redhat_00001.1.el6eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-activemq-artemis-0:2.9.0-7.redhat_00017.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-glassfish-jsf-0:2.3.9-12.SP13_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hal-console-0:3.2.12-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-hibernate-0:5.3.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-ejb-client-0:4.0.37-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-genericjms-0:2.0.8-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-modules-0:1.11.0-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-remoting-0:5.0.20-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-server-migration-0:1.7.2-4.Final_redhat_00005.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-jboss-xnio-base-0:3.7.12-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-narayana-0:5.9.10-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-opentracing-interceptors-0:0.0.4.1-2.redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-resteasy-0:3.11.3-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-undertow-0:2.0.33-1.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-0:7.3.5-2.GA_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-discovery-0:1.2.1-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-elytron-0:1.10.10-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 7", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0247", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7", "package" : "eap7-wildfly-http-client-0:1.0.24-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-activemq-artemis-0:2.9.0-7.redhat_00017.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-glassfish-jsf-0:2.3.9-12.SP13_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hal-console-0:3.2.12-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-hibernate-0:5.3.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-httpcomponents-client-0:4.5.13-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-ejb-client-0:4.0.37-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-genericjms-0:2.0.8-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-modules-0:1.11.0-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-remoting-0:5.0.20-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-server-migration-0:1.7.2-4.Final_redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-jboss-xnio-base-0:3.7.12-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-narayana-0:5.9.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-opentracing-interceptors-0:0.0.4.1-2.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-resteasy-0:3.11.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-undertow-0:2.0.33-1.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-0:7.3.5-2.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-discovery-0:1.2.1-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-elytron-0:1.10.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.3 for RHEL 8", "release_date" : "2021-01-25T00:00:00Z", "advisory" : "RHSA-2021:0248", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8", "package" : "eap7-wildfly-http-client-0:1.0.24-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat Single Sign-On 7.4.5", "release_date" : "2021-02-01T00:00:00Z", "advisory" : "RHSA-2021:0327", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7", "package" : "httpclient" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2022-03-01T00:00:00Z", "advisory" : "RHSA-2022:0722", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-maven36-httpcomponents-client-0:4.5.9-1.3.el7" }, { "product_name" : "RHDM 7.10.0", "release_date" : "2021-02-17T00:00:00Z", "advisory" : "RHSA-2021:0603", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7.10", "package" : "httpclient" }, { "product_name" : "RHINT Service Registry 2.0.2 GA", "release_date" : "2021-11-02T00:00:00Z", "advisory" : "RHSA-2021:4100", "cpe" : "cpe:/a:redhat:integration:1", "package" : "httpclient" }, { "product_name" : "RHPAM 7.10.1", "release_date" : "2021-03-30T00:00:00Z", "advisory" : "RHSA-2021:1044", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.10", "package" : "httpclient" } ], "package_state" : [ { "product_name" : "Red Hat BPM Suite 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform" }, { "product_name" : "Red Hat build of OpenJDK 11", "fix_state" : "Affected", "package_name" : "openjdk/openjdk-11-rhel7", "cpe" : "cpe:/a:redhat:openjdk:11" }, { "product_name" : "Red Hat build of OpenJDK 1.8", "fix_state" : "Affected", "package_name" : "redhat-openjdk-18/openjdk18-openshift", "cpe" : "cpe:/a:redhat:openjdk:1.8" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Will not fix", "package_name" : "httpcomponents-client", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "httpcomponents-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Integration Service Registry", "fix_state" : "Not affected", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:integration:1", "impact" : "low" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss BRMS 5", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:5" }, { "product_name" : "Red Hat JBoss BRMS 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:6" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Data Virtualization 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_data_virtualization:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 5", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat JBoss Fuse Service Works 6", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6" }, { "product_name" : "Red Hat JBoss Operations Network 3", "fix_state" : "Out of support scope", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:jboss_operations_network:3" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Fix deferred", "package_name" : "openshift3/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:3.11", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-logging-elasticsearch5", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-logging-elasticsearch6", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-metering-hadoop", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-metering-hive", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-metering-presto", "cpe" : "cpe:/a:redhat:openshift:4", "impact" : "low" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Out of support scope", "package_name" : "rh-maven35-httpcomponents-client", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Affected", "package_name" : "httpclient", "cpe" : "cpe:/a:redhat:amq_streams:1", "impact" : "low" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-13956\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-13956\nhttps://www.openwall.com/lists/oss-security/2020/10/08/4" ], "name" : "CVE-2020-13956", "csaw" : false }