Security Advisory

CVE-2025-27820

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-24 11:44:25
Last updated 2025-06-04 11:20:12
Assigner apache
State PUBLISHED

Description

A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release