CVE-2025-27820
Apache HttpComponents: PSL (Public Suffix List) validation bypass
A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
Apache Software Foundation · Apache HttpComponentsQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/apache/httpcomponents-client/pull/574https://github.com/apache/httpcomponents-client/pull/621https://hc.apache.org/httpcomponents-client-5.4.x/index.htmlhttps://lists.apache.org/thread/55xhs40ncqv97qvoocok44995xp5kqn8https://security.netapp.com/advisory/ntap-20250516-0003/