CVE-2020-13956: 
Java vulnerability analysis and mitigation

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. This vulnerability is tracked as CVE-2020-13956 and was disclosed in December 2020 (NVD).

The vulnerability has a CVSS v3.1 Base Score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). The issue occurs when malformed authority components in request URIs are passed to the library as java.net.URI objects, which can cause the wrong target host to be selected for request execution (NVD).

If successfully exploited, this vulnerability could lead to disclosure of sensitive information or addition/modification of data when the wrong target host is selected for request execution (NetApp Advisory).

The vulnerability has been fixed in Apache HttpClient versions 4.5.13 and 5.0.3. Users should upgrade to these or later versions. Oracle has also released patches for affected products through their Critical Patch Updates (Oracle Advisory, Oracle Advisory).

Multiple organizations and vendors have responded by releasing security advisories and patches, including Oracle, NetApp, and Apache. The vulnerability has been actively tracked and patched across various dependent systems and applications (NetApp Advisory).