CVE-2017-14063
Published: Aug 31, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://github.com/AsyncHttpClient/async-http-client/issues/1455
x_refsource_MISC
RHSA-2018:2669
vendor-advisory
x_refsource_REDHAT
http://openwall.com/lists/oss-security/2017/08/31/4
x_refsource_MISC
[pulsar-commits] 20200914 [GitHub] [pulsar] klwilson227 opened a new issue #8061: CVE-2017-14063
mailing-list
x_refsource_MLIST
[pulsar-commits] 20200924 [GitHub] [pulsar] jiazhai closed issue #8061: CVE-2017-14063
mailing-list
x_refsource_MLIST
[pulsar-commits] 20200925 [GitHub] [pulsar] jiazhai closed issue #8061: CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201002 [jira] [Created] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201002 [jira] [Assigned] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-dev] 20201002 [jira] [Created] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201004 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201004 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201005 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201005 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201009 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201009 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201014 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201014 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201020 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201020 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201021 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201021 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201110 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201111 [jira] [Commented] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-issues] 20201111 [jira] [Updated] (TEZ-4237) Upgrade async-http-client-1.9.40 due to CVE-2017-14063
mailing-list
x_refsource_MLIST
[tez-dev] 20201112 Build failed in Jenkins: Tez-qbt-0.10-Build #12
mailing-list
x_refsource_MLIST
[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list
mailing-list
x_refsource_MLIST